Experian Threatened With Massive GDPR Fine After Acting Unlawfully

The UK’s privacy regulator has warned Experian that it has nine months to comply with an enforcement notice or face a potentially huge GDPR fine for illegally using customer data for marketing purposes.

The Information Commissioner’s Office (ICO) revealed in a new report that its action resulted from a two-year investigation into the activities of the three big credit reference agencies (CRAs): Experian, TransUnion and Equifax.

The three companies were found to be “trading, enriching and enhancing” the data of consumers data without their knowledge, and selling it in products designed for businesses, political parties and charities to target specific individuals and build profiles on them.

They were also using the information collected for credit referencing in their own direct marketing, and generating new information via profiling, the ICO said.

This “invisible” data processing is said to have affected millions of UK adults: not only were they not informed about how their data was being used, but the CRAs also misread the law to apply lawful bases incorrectly for processing people’s data.

Both Equifax and TransUnion made improvements to their data practices whilst withdrawing some products, however, Experian refused, which is why it is now facing the enforcement notice.

By July 2021, the firm needs only to inform customers that it holds their data and how it intends to use it for marketing purposes. By January 2021 it must also stop using data derived from its credit checks for direct marketing, according to the regulator.

Other conditions of the notice include: stopping the processing of data collected unlawfully, deleting any data collecte ..

Support the originator by clicking the read the rest link below.