Data Protection News Update 22 January 2024

United Kingdom

ICO fines financial services company £50k for spam text messages

  • Financial services company LADH Limited has been fined £50,000 by the Information Commissioner’s Office (ICO) for sending tens of thousands of spam text messages, in breach of Privacy and Electronic Communications Regulations (PECR).
  • For a six-week period over March and April 2022, LADH Limited sent more than 31,000 text messages without valid consent and without offering an opportunity for the recipient to opt out, which is also unlawful.
  • There were 106 complaints made to Mobile UK’s Spam Reporting Service by people who had received these unwanted text messages.
  • The ICO served LADH Limited with an enforcement notice to stop sending direct marketing messages without valid consent and issued a monetary penalty notice of £50,000.

Two home improvement companies fined a total of £250,000 for making illegal marketing calls

  • The Information Commissioner’s Office (ICO) has fined two home improvement companies a total of £250,000 for bombarding people on the UK’s ‘do not call’ register with millions of illegal marketing calls.
  • Poxell Ltd and Skean Homes Ltd both made unsolicited marketing calls to people registered with the Telephone Preference Service (TPS) while withholding their identity.
  • Poxell Ltd has been fined £150,000 for making over 2.6 million unlawful marketing calls between March and July 2022, resulting in 412 complaints to the ICO and TPS.
  • Skean Homes Ltd has also been fined £100,000 for instigating over 600,000 unsolicited marketing calls between March and May 2022, resulting in 31 complaints.
  • In addition to the fines, the ICO has issued an Enforcement Notice to both companies, ordering them to stop calling people registered with the TPS, or had previously objected to such calls.

United States

Will Passports Be Replaced by Biometrics?

  • The U.S. Transportation Security Administration (TSA) expanded its optional facial recognition program that allows passengers to use a facial scan to match them to their state-issued ID.
  • The process involves comparing a photo taken in real time against a scan of a license or passport. This process will assist any TSA officer in verifying the identity of a traveller.
  • The program is currently available at 30 airports across the United States, and the TSA said they are planning to expand it to more than 400 airports in the coming years. 
  • The program is similar to Delta’s digital ID program that makes it easier for passengers to get through security without showing a physical ID.


European Data Act enters into force, putting in place new rules for a fair and innovative data economy  

  • The EU Data Act- legislation which attempts to ensure fairness in the data economy by creating a competitive data market and offering legal clarity surrounding the use of certain types of data, is now in force.
  • This act was processed in February 2022 by the Commission and a political agreement was reached by the European Parliament and the Council in June 2023. The Data Act is a key milestone of the Commission’s data strategy, which is an important enabler for meeting their set 2030 Digital decade objectives.
  • The Data Act empowers users of connected devices to assume greater control of the data the devices produce and gives public sector entities greater access to private sector data to respond to public crisis.
  • This law becomes applicable on 12th September, 2025.

Cookies: the CNIL sanctions Yahoo! a fine of 10 million euros

  • France’s data protection authority, the Commission nationale de l’informatique et des libertés, fined Yahoo EMEA 10 million euros over the company’s alleged violation of the ePrivacy Directive.
  • The CNIL found visitors to the Yahoo site had cookies placed on their computer without their consent and difficulty for users wanting to withdraw participation in cookie collection.
  • As a result of this Yahoo EMEA failed to fulfil its obligations under article 82 of the Data Protection Act, to the extent that cookies for advertising purposes can only be placed when there is explicit consent. This consent was not given.
  • To determine the amount of the fine, the data protection authority took into account that the company did not respect the choice of Internet users and put in place measures to dissuade them from withdrawing their consent to the deposit of cookies.


Singapore’s CSA launches Safe App Standard  

  • The Cyber Security Agency of Singapore released recommendations for mobile apps called the Safe App Standard.
  • The Standard provides a common benchmark and guidance to local app developers and providers on the necessary security controls and best practices to better protect their applications and end-users against common malware and phishing attempts.


More Posts

Send Us A Message