GDPR breaches and the misuse of data is a growing problem that consumers are becoming increasingly savvy about, and the issue of ‘when is a survey not a survey?’ has landed a data broker in hot water.
Data-broker Verso has been fined £80,000 after failing to tell people exactly what their information would be used for. The fine is the first handed down by the Information Commissioner’s Office (‘ICO’) as part of a wider investigation into the data-broking industry.
The Hertfordshire-based business, which celebrates itself as the UK’s premier lead generation provider, was found to have supplied data to firms that the ICO had investigated over nuisance calls.
One business, Prodial, was fined £350,000 by the ICO – a record at the time it was issued in February 2016 – for making 46 million nuisance calls. These investigations led the watchdog to the door of Verso, which supplied the business with large volumes of the personal data it used for the calls.
After asking Verso how it had obtained and supplied the data, the ICO was told that some was from other companies and websites, and some gathered by the firm itself.
On further investigation, the ICO found that Verso had failed to provide the data subjects with sufficiently specific information about which companies would see and use their data.
MISLEADING DATA GATHERING
Verso contacted people in the UK from overseas call centres, personal data was amassed by telling people it was for a survey, when they were “in fact lead generation calls“, the ICO said.
It also gathered information from other businesses by buying packages of data without ensuring that individuals had consented to their personal data being supplied to Verso, or for onward sales to other companies for direct marketing.
The watchdog concluded that its activities “constituted serious contraventions” of data protection laws that were “systemic” and involving large volumes of personal data.
“This type of unlawful data trading directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens,” said James Dipple-Johnstone, ICO Deputy Commissioner.
“Businesses need to understand they don’t own personal data – people do and those people have the right to know what is happening to it and who is likely to be contacting them for marketing.”
The ICO said its investigation into data broking was also looking at how credit reference agencies process personal data.
Have you been affected by data protection breaches, nuisance calls and spam texts? How did you resolve it?