There’s a bit of a debate raging within the consulting team at DPP about the value of privacy and what it will take to persuade the reluctant controllers that they really must comply with the law and really should be taking a best practice approach to privacy management rather than a path of least resistance.
This debate will be rekindled in light of the €12 million fine issued to Vodafone in Italy for non-compliant marketing. It is no surprise to our Outsourced DPO that Vodafone have been fined in this way: since mid-summer they have been pushing out unsolicited promotional text messages left, right and centre in the UK about all sorts of nonsense totally unrelated to their own business, such as chocolate sharing bags and Just Eat vouchers.
Given this, one would expect a fine from the ICO at some point in time too. Vodafone was fined a mere €75k in Spain for marketing breaches, so one assumes that they are carrying out this type of marketing across Europe.
If each of the 27 Member States of the EU plus the UK issued a fine in Italian proportions, it would amount to €336 million. That’s quite some fine but still probably only a snip for an entity like Vodafone.
The question remains: what will it take to encourage controllers to bring their operations into compliance and keep them there?
The Outsourced DPO - Data Protection People