Weekly Privacy Update

The data protection enforcement is getting intense whether it may be the PECR, GDPR or other supplementary guidelines and updates. The global shift towards a great privacy consciousness is now being supported with active fines, swift legal enforcement actions and a stricter enforcement regime when it comes to the legal consequences of violations.

This has been a week for swift penalties. The ICO has recently wrapped up a compliance failure case within 30 days. Similarly, there is great progress in court hearings across the EU. The Twitter violations that took place over the past 2 years are now being investigated by the European Data Protection Board (EDPB).

On the other hand, the ICO has enforced some stringent fines under the Privacy & Electronic Communications Regulation (PECR). This is a good reminder for companies to ensure that they are compliant with the PECR.

Here are the top headlines from the privacy world:

What is the PECR? A complete guide

Since the privacy watchdogs are becoming increasingly active towards reprimanding businesses for their failure to uphold the law framed under the Privacy & Electronic Communications Regulation (PECR), it is become imperative for companies to understand and adhere to this regulation.

ICO fines Digital Growth Experts Ltd

The Information Commissioner’s Office (ICO) has fined Digital Growth Experts Ltd (DGEL) £60,000 for sending direct marketing texts to customers using data collected for free samples in direct marketing.

The DGEL has also been issued with an enforcement notice ordering it to comply with the PECR within 30 days of receipt of the notice. And yes, this can happen to any business. Failure to comply leads to further legal actions.

ICO issues a fine of £130,000 for making unauthorised cold calls

Swansea based company, CPS Advisory Ltd, has been fined £130,000 by the Information Commissioner’s Office (ICO) for making 106,987 unauthorized direct marketing calls to people about their pensions. This was another case that has set the tone and precedent for the ICO to reprimand non serious businesses.

It calls this behaviour a “a significant intrusion into the privacy of the recipients of such calls”. This case now serves as a reminder of the ICO’s consistent focus on taking enforcement action arising out of breaches of PECR, particularly in the financial services context.

ICO issues enforcement notice to Studios MG Limited

The Information Commissioner’s Office (ICO) has issued an enforcement notice against Studios MG Limited for sending thousands of unlawful marketing campaigns to people without their permission.

The notice is in relation to a serious contravention of Regulation 22 of the Privacy and Electronic Communications Regulation (PECR).

This was a breach under the European Directive 95/46/EC as: “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed” is only considered consent. Without such consent the communication becomes unlawful.

EDPB steps into Twitter investigation

The Irish DPC has now concluded its investigation into a number of data breaches suffered by Twitter in late 2018 and early 2019. As part of its investigation, the DPC also considered whether Twitter had satisfied its obligation under the GDPR to make timely disclosure of the breaches.

The European Data Protection Board (EDPB) has now taken over this investigation and could decide Twitter’s fate, including a possible fine of up to 4% of its worldwide revenue. On the other hand, the Irish DPC is the lead agency investigating Facebook’s WhatsApp and Instagram, among other technology companies leaving no big or small name out.

Read more here

Gartner predicts data protection regulations to expand worldwide by 2023

Results of a recent survey conducted by global research firm Gartner highlights a key prediction under which majority of the world will be covered by data protection regulations by 2023. These regulations will largely be based on the General Data Protection Regulation and will expand on it where required.

Read more here

What are the cookie requirements under the PECR?

Here is a guide specifically on the use of cookies and similar technologies under the PECR law. Every organisation under the territory of the European Economic Area (EEA) is under a legal obligation to obtain consent for the use of cookies and similar technologies.

Obligations under the PECR

Are you aware of your obligations under the PECR? Do you know what you need to do in order to ensure that your organization is compliant? You can educate yourself with this video

Have you conducted a PECR audit?

Are you aware of the current gaps in your organization under the PECR? Have you conducted an audit to identify the key risk areas and assess a potential solution? If not, then lets Seers help you with its innovative PECR assessment solution:

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month