Europe data privacy decisions round-up August 2021

A round-up of some of the most recent data privacy decisions led by data protection authorities in Europe. United Kingdom The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative under Article 27 GDPR cannot outsource liability for breaches of the GDPR. The representative can … Read more

Most ironic PECR fine yet as firm selling nuisance call blocker fined under TPS rules

Old phone sitting on desk

A new contender for the most ironic PECR fine yet has entered the ring: The Information Commissioner’s Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS). The fine follows an assessment under the Privacy … Read more

ICO fines protein e-commerce company Muscle Foods Limited for sending millions of marketing messages without valid consent

Salmon and High Protein Foods on a Table

Over seven months, the ICO estimates that protein retailing e-commerce company Muscle Food sent 135,651,627 marketing emails and 6,354,426 marketing SMS messages without valid consent. The ICO have issued Muscle Foods Limited, trading as Muscle Food, a monetary penalty notice and enforcement notice imposing a fine of £50,000 for sending approximately 135,651,627 marketing emails and … Read more

ICO fines “Digital Growth Experts Ltd” £60,000 for sending thousands of nuisance marketing texts during coronavirus pandemic

Handgel Applied to Woman's Hand

The ICO have recently fined “Digital Growth Experts Ltd”, formerly “Motorhome Brokers Ltd” for sending thousands of marketing text messages without consent.  This brazen breach of PECR occured between 29 February and 30 April 2020. Reportedly, 16,190 messages were received, promoting a hand sanitising gel. During their investigation the ICO found that Digital Growth Experts … Read more

Security firm fined under GDPR after employee used WhatsApp to transfer personal information

WhatsApp on Phone

On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona Airport Security Guard Association (AVSAB) under the GDPR. The case found that a member of the AVSAB security group had used WhatsApp to send messages to private phone numbers containing personal information about employees.  The … Read more

Spanish Data Authority (AEPD) fines e-commerce website €3,000 for unlawful cookie practices

Phone & Earphones

On 6 August 2020, the AEPD (Spain’s data authority) decided to fine Grow Beats SL, an e-commerce company that targets a young audience to sell audio equipment like earphones and speakers, €3,000 for unlawful cookie practices. The fine relates to their unlawful use of cookies on the website. Specifically, that there mechanism was established to … Read more