Currently there are two trends on cookie consent banner design – either (1) the “Accept All” and “Reject All” options are shown in the first layer of a cookie consent management solution, or (2) only the “Accept All” option is shown in the first layer together with a link to the second layer of the cookie consent management solution where the user can reject to the use of non-essential cookies. There is more clarity on the views of the UK data protection authority on whether a “Reject All” option in the first layer of a cookie consent management solution is required.Continue Reading “Reject All” button in cookie consent banners – An update from the UK and the EU
On 4 May 2020, the European Data Protection Board (EDPB) adopted an updated set of guidelines on consent (Guidelines) under the General Data Protection Regulation (GDPR). These updates were made to the original guidelines published by the Article 29 Working Party on 10 April 2018, which the EDPB endorsed at its first plenary meeting on 25 May 2018.
The Information Commissioner’s Office (ICO) announced a £100,000 fine imposed on the telecoms company, EE Limited (EE), for breaching the Privacy and Electronic Communications Regulations 2003 (PECR). The timing of the breach meant that the General Data Protection Regulation 2016/679 (GDPR) was not applicable.
EE sent customers a text message encouraging them to…
The UK government has issued the Privacy and Electronic Communications Regulations (Amendment) 2018 (ePrivacy Regs), which comes into force on 17 December 2018.
The ePrivacy Regs amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and modify the application of the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 and the Data Protection (Monetary Penalties) Order 2010. The amendments are intended to ensure that the regime covering breaches is “effective, proportionate and dissuasive” in accordance with the criteria outlined in the PECR.
Background on PECR
In Xerpla Ltd v. Information Commissioner  UKFTT 2017_0262 (GRC) (14 August 2018), an English General Regulatory Tribunal has overturned a fine, issued by the Information Commissioner’s Office (ICO) against the direct marketing company, Xerpla Ltd, after the ICO determined that Xerpla had failed to obtain the necessary consents for electronic communications to its subscribers.
The ICO fined Xerpla £50,000 in October 2017 for sending 1.26 million marketing emails to its subscribers, which, according to the ICO, breached the Privacy and Electronic Communications (EC Directive Regulations 2003) (PECR). Central to PECR is that any direct marketing emails to subscribers must only be sent with the prior consent of the email recipient.
The tribunal found that Xerpla’s subscribers had “consented to, and knew they were consenting to, the direct marketing of third party offers for all kind of products and services… That is why they subscribed…” It was therefore considered obvious what was being consented to, given the services offered by Xerpla.Continue Reading First tribunal case overturning an ICO fine for sending marketing emails without opt-in consent
In a decision of 31 August 2015, the First-Tier Tribunal provided important clarification on the use of third-party mailing lists. Optical Express v Information Commissioner (EA/2014/0014) is significant for organisations that use or are considering using such lists.
The case was concerned with an appeal by Optical Express (‘OE’) against an Enforcement Notice issued by the Information Commissioner. The Notice required OE to stop sending unsolicited marketing text messages to individuals without their consent. OE had obtained recipient details under data supplier agreements with Thomas Cook, and Thomas Cook had obtained these details by asking individuals to complete a travel survey which had a tick-box option to indicate that they were happy to receive marketing communications from third parties. OE argued that this was valid consent, and therefore the text messages were not unsolicited.
Continue Reading Optical Express appeal highlights the need for caution over third-party marketing lists