UK’s ICO takes enforcement action against Experian after GDPR violations
The UK’s Information Commissioner’s Office (ICO) has ordered the credit reference agency Experian Limited to make fundamental changes to how it handles personal data within its direct marketing services.The enforcement notice follows a two-year investigation by the ICO into how Experian, Equifax and TransUnion used personal data within their data broking businesses for direct marketing purposes. A complaint from the campaign group Privacy International to the ICO also raised concerns about the data broking industry, specifically Equifax and Experian. The ICO found that significant ‘invisible’ processing took place, likely affecting millions of adults in the UK, as signaled by a recent ICO report into data protection compliance in the direct marketing data broking sector.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.