Emailmovers Limited – Violation Found (United Kingdom, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The UK's Information Commissioner's Office found that Emailmovers Limited was acting as a data controller, not just a processor, of personal data. The company had more control over the data than it claimed. This decision is crucial for businesses to understand their responsibilities in handling personal data.
What happened
The ICO determined that Emailmovers Limited was a data controller, not just a processor, of personal data.
Who was affected
Individuals whose personal data, including email addresses, was managed by Emailmovers Limited.
What the authority found
The ICO concluded that Emailmovers Limited determines the purposes and means of processing, making it a data controller.
Why this matters
This finding highlights the importance for companies to accurately identify their role in data processing. It underscores the need for businesses to understand their obligations under data protection laws, especially regarding control over personal data.
GDPR Articles Cited
Emailmovers Limited (EML) advertises its services, such as email data, email cleansing, email marketing, etc...). It has a database of data subjects' email addresses. On its website, it claims that it has a "GDPR and PECR [Privacy and Electronic Communications (EC Directive) Regulations 2003] compliant email database". The data was received from an unamed organisation that collected the individual's personal data and mentioned that it may be shared with third parties for marketing purposes. In 2018, EML was investigated by the Information Commissioner's Office (ICO). EML provided the ICO enforcement team with 7000 records of personal data (names, dates of birth, postcodes, phone numbers, email addresses). Emailmovers Limited claimed to be a data processor rather than a controller to the ICO. It claimed so on the basis that it processed data subjects' personal data on behalf of business clients that it had. It also relied on a document ("Legal and Commercial Terms for the Supply of Commercial and Personal Data") where it classified itself as a processor to its business clients. The Information Commissioner's Office first established that Emailmovers Limited (EML) was a data controller by virtue of the definition in Article 4(7) GDPR. First, the ICO highlighted that EML's "Legal and Commercial Terms..." points to the fact that EML decided who it supplied the personal data to. Additionally, the ICO found that EML determined the purposes of processing the personal data when deciding whether to disclose the database to certain business clients. EML also had broad discretion over how the data is created, stored and manipulated. The ICO also clarified that the fact that the "Legal and Commercial Terms..." document specified that EML was a processor is not conclusive. Instead, one must rely on the definition of controller found in Article 4(7) GDPR. The ICO concluded that EML determines the purposes and means of processing and is as such a data controller. The ICO co
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Emailmovers Limited in UK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Emailmovers Limited - United Kingdom (2021). Retrieved from cookiefines.eu
Last updated: