PLEASE NOTE: Our website uses a technology called cookies to improve your experience. One of the cookies we use is essential for parts of the site to operate and may have already been set. You may delete and block all cookies from this site, but parts of the site will not work. For more information see our privacy policy.

To accept cookies from this site (and hide this notice) please check this box and click the continue button.

HomeThe IssuesOur ServicesOur TeamPublicationsTestimonialsNewsletterContact us

On the case - February 2006

February 2006

How do the UK’s Data Protection enforcement record and penalties compare with other countries?



Just as the legislation differs from country to country in Europe, the approach to enforcement and penalties also varies widely. Spain probably leads the way in vigorous pursuit of data protection offenders and has a record of targeting large multinationals. The Agencia Espanola de Proteccion de Datos has imposed fines on over 500 companies totalling tens of millions of Euros; Microsoft was fined around 30,000 Euros for a relatively minor misdemeanour. The 16 local Landers which govern the bulk of Data Protection implementation in Germany have also been pretty active in asserting the rights of individuals and the Dutch privacy regulator has fined spammers as much as €27,500. The French CNIL has been particularly harsh with the finance, credit and banking sectors and the Italian Garante has recently dismayed direct marketers with some extremely negative rulings on the use of public data (DMI January).


Meanwhile, in the USA, Can-Spam and Do-Not-Call (DNC) regulations have already been tested in Court and penalties have been extreme. Last year the US courts sentenced a man who broadcast tens of millions of junk emails to nine years in jail. Separately, Scott Richter was ordered to pay $7 million to Microsoft for sending illegal spam and more recently the State of Indiana has sued five Florida-based businesses for making hundreds of sales calls to people registered on the state’s do-not-call list.  Fines up to $100,000 are likely to follow.


So where does the UK Information Commissioner stand in the enforcement running? On the surface, pretty low down, with only 12 successful prosecutions in 2004/5 and fines failing to top £10,000. The enforcement powers available are notoriously clumsy, not to say inadequate, but it is clear that there has been a huge amount of behind the scenes activity – the investigation of nearly 20,000 complaints for example. The UK Commissioner seems, therefore, to be doing as he promised, to “…use carrots where possible, but be ready to use the sticks where necessary.”


On the other hand, the real danger for non-compliant marketers may lie with consumer action. A disgruntled company director, Nigel Roberts recently took a company to Court for spamming and won. In doing so he has received a landmark ruling and, quite possibly, opened the floodgates for multiple compensation claims.


Now that’s what I call a “big stick”!

Other recent items: