Nuisance caller fined by UK ICO

On March 2, 2020, the UK Information Commissioner’s Office imposed the maximum fine (under pre GDPR legislation) of £500,000 on CRDNN Limited, a Scottish company formerly known as Contact Reach Digital Limited, for making 193 million nuisance calls from spoofed numbers, including 1.6 million per day.  The action was pursuant to the Privacy and Electronic Communications Regulations 2003 (PECR), which gives the ICO the power to impose a monetary penalty up to £500,000 on a data controller for transmitting recorded calls for direct marketing purposes using inaccessible calling IDs or to consumers who have notified the caller that they do not consent to receive the calls.  The ICO found that CRDNN’s actions were in contravention of PECR regulations 19 (non-consensual automated direct marketing calls) and 24  (from spoofed numbers).  An Enforcement Notice was issued on February 26, 2020, requiring the company to comply within 35 days.

ICO news release | ICO enforcement notice