CPS Advisory Limited – €152,100 Fine (United Kingdom, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
CPS Advisory Limited was fined for making unsolicited marketing calls about personal pensions without proof that they had permission to do so. This matters because it highlights the importance of getting consent before contacting potential customers. Small businesses should ensure they have clear consent from people before reaching out with marketing offers.
What happened
CPS Advisory Limited made unsolicited direct marketing calls related to personal pensions without evidence of specific consent.
Who was affected
People who received unsolicited marketing calls about personal pensions from CPS Advisory Limited were affected.
What the authority found
The Information Commissioner's Office found that CPS Advisory Limited violated ePrivacy rules by failing to obtain consent for their marketing calls.
Why this matters
This case emphasizes that companies must obtain clear consent before making marketing calls. It serves as a reminder for small businesses to review their marketing practices to avoid similar penalties.
National Law Articles
CPS Advisory Limited (CPSAL) conducted direct marketing calls in relation to personal pensions. The data CPSAL used to conduct the calls had been purchased from third party data providers, for which it was unable to provide evidence of specific consent, claiming though that consent be “highly likely”. Did CPSAL act in contravention of Regulation 21B PECR and, if so, were the conditions of Section 55A of the Data Protection Act 1998 (DPA98) satisfied? The Information Commissioner (Commissioner) finds that CPSAL made unsolicited calls for the purposes of direct marketing in relation to occupational or personal pensions and thereby violated Regulation 21B PECR. On the basis of Article 55A the Commissioner issues a monetary penalty notice (£ 130.000). Upon establishing the applicability of Regulation 21B PECR, the Commissioner examines the relevant exemptions as laid out therein. She confirms that none of these apply as CPSAL was neither an “authorised person” nor a trustee or manager of a relevant pension scheme. In particular could it neither be established that CPSAL acted as an ‘Appointed Representative - Introducer’ (IAR) as it had claimed, nor were IARs even included in the relevant list as defined by Section 31 (1) of the Financial Services and Markets Act 2000 (FSMA). Even if this had been the case, was it evident from a look on the third party data provider websites that “the means by which consent was obtained did not allow for it to be freely given, specific, or informed.” The Commissioner continues by examining the conditions laid out by Article 55A DPA98. She confirms the seriousness of the above confirmed contravention of Regulation 21B PECR. The at least 106 987 confirmed conducted calls represent “significant intrusion into the privacy of the recipients”. Although the contravention was not deliberate, did it have to be seen as negligent, since it was a reasonable expectation for CPSAL to be aware of the prohibition. This be in general, with referen
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Enforcement Actions (0)
No other enforcement actions found for CPS Advisory Limited in UK
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
4 September 2020
Authority
Information Commissioner's Office
Fine Amount
€152,100
130,000 GBP
GDPRhub ID
gdprhub-2702About this data
Cite as: Cookie Fines. CPS Advisory Limited - United Kingdom (2020). Retrieved from cookiefines.eu
Last updated: