News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
Experian won a legal battle against the U.K. Information Commissioner’s Office (ICO) after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.
In October 2020, following a two-year investigation, the ICO issued Experian an enforcement notice—rather than a fine—for breaching the European Union’s General Data Protection Regulation (GDPR) by processing and selling personal data for postal and telephone marketing campaigns without people’s knowledge or consent.
Through its direct marketing arm, Experian acquired personal data on people from a mix of publicly available sources like the electoral register, other data suppliers, and its own credit reference business, according to the ICO. Rather than try to gain consumers’ consent, Experian allegedly relied on the concept of “legitimate interest” to use personal data to build a profile on around 50 million adults, which it then sold to third parties to help target marketing promotions more effectively.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.