Data protection authorities impose some of the highest fines in their history

The imposition of high fines, such as those imposed by the German and French authorities, is also becoming a reality in our country. Interestingly, however, the hefty fines weren’t for violating the GDPR, but for unsolicited advertising.

Over the past year, the Czech Office for Personal Data Protection (“the Office”) fined several companies totaling CZK 3,111,000 (approximately EUR 122,000) for sending from spam to data mailboxes. The previous year, the Office fined a used car dealer CZK 6,000,000 (approximately EUR 235,000) for sending its commercial messages to 500,000 e-mail addresses, the vast majority of which were unsolicited advertisements. The Office justified the amount of the fine in the case of the concessionaire on the basis of the increased social harm caused by the infringement in view of the entrepreneur’s long professional activity in the sector, system errors far-reaching and the flagrant invasion of the privacy of certain recipients. The Office also took into account the high number of recipients of the unsolicited commercial communication and the so-called repetition of addresses. This means that commercial communications are sent repeatedly to the same person.

Spamming is illegal in most states. The legislation provides for an opt-in principle for direct commercial communications, i.e. the possibility of sending commercial communications only if the recipient of the communication has given his consent. The sender of the message must be able to prove their consent. An exception to the opt-in principle is the opt-out principle. The opt-out principle means that commercial communications are only sent to persons whose e-mail address the sender has already received when selling goods or services. Indeed, it is assumed that the customer is interested in products or services similar to those he has previously purchased and can therefore benefit from these commercial communications. At the same time, however, the sender is obliged to give the customer the possibility of refusing to receive communications. The sender must do so in a clear, simple and free manner when sending each message.

“Spam” is a general term for unwanted and unsolicited communications, usually sent in the form of emails, text messages or via social media. Spam includes not only unsolicited commercial messages, but also often malware campaigns as a form of cybercrime. According to today’s statistics, spam accounts for more than 50% of all email communications.

In the past, smaller fines have already been imposed. However, the current trend is obvious. The authorities resort to fines at the upper limit of their rates and, as practice shows, the Czech and Slovak authorities, as well as the authorities of the V4 countries or the CEE region, act similarly in their decisions. Therefore, it can be assumed that fines at the upper limit of sentences could also be imposed in similar cases in other countries in the region. Buying customer databases from other companies as part of marketing campaigns seems risky. Clients are advised to regularly review their systems for sending commercial communications. This means focusing on (i) sending commercial messages on an opt-in basis or, for existing customers, on an opt-out basis, (ii) the possibility for the recipient to refuse to receive other messages, and (iii) the registration of the beneficiary’s consent in the case of a cheque.

About Sandra A. Powell

Check Also

Why advanced email protection is more important than ever

The transition to hybrid working has been a complex journey that many organizations across the …