Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight
By 
Neil Hodge2023-02-28T13:00:00
Experian won a legal battle against the U.K. Information Commissioner’s Office (ICO) after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.
In October 2020, following a two-year investigation, the ICO issued Experian an enforcement notice—rather than a fine—for breaching the European Union’s General Data Protection Regulation (GDPR) by processing and selling personal data for postal and telephone marketing campaigns without people’s knowledge or consent.
Through its direct marketing arm, Experian acquired personal data on people from a mix of publicly available sources like the electoral register, other data suppliers, and its own credit reference business, according to the ICO. Rather than try to gain consumers’ consent, Experian allegedly relied on the concept of “legitimate interest” to use personal data to build a profile on around 50 million adults, which it then sold to third parties to help target marketing promotions more effectively.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefExperian failed to correct flawed financial data about consumers, CFPB complaint alleges
Experian, the credit reporting giant, let compliance slide when it came to addressing consumer complaints about incorrect data, the Consumer Financial Protection Bureau said in a lawsuit against the credit agency.
-
News BriefTransUnion settles with CFPB, FTC over tenant screening accuracy
Credit reporting agency TransUnion agreed to pay $23 million total across settlements with the Consumer Financial Protection Bureau and Federal Trade Commission for alleged tenant screening and security freeze deficiencies.
-
PremiumExperts: Austrian Post GDPR ruling offers clarity on damages compensation
A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.
More from Regulatory Enforcement
-
News BriefFTC sues Uber over deceptive subscriptions, a rare move for consumers by Trump officials
The Federal Trade Commission (FTC) filed a lawsuit against Uber, alleging the ride-hailing company signed customers up for its Uber One subscription without consent, then made it hard for them to cancel. The move marks the U.S. government’s latest broadside against big tech companies, and the first major action from ...
-
News BriefCFPB pullback signals further shift toward industry-friendly regulation
The U.S. Consumer Financial Protection Bureau continues to unravel amid pressure from Trump administration officials to shutter the agency. Not only has the agency informed its employees that it will no longer be a watchdog for the financial services industry, it has also laid off employees despite court orders blocking ...
-
News BriefTrump’s CFPB, dismissing Comerica case, continues to cut down Biden-era lawsuits
The Consumer Financial Protection Bureau dropped yet another consumer protection lawsuit against a bank or fintech provider since Donald Trump was sworn in as president in January. This time, it was with Comerica Bank.