Firm Who Collects OZ Data ‘Unlawfully’ Facing $36M Fine
North Sydney-based credit reference agency Experian, who has been caught out ‘unlawfully’ collecting consumer information and then selling it to consumer technology lifestyle fashion, food and retail companies, has been told it must stop its questionable activities or face $36 million in potential fines.
Equifax, another data company who collects data in Australia, was investigated but faces no further action because it made changes, including withdrawing some products and services.
The investigation by the UK’s Information Commissioner’s Office found Experian had access to the data of millions of Australians and almost every adult in the UK, which was then “screened, traded, profiled, enriched, or enhanced to provide direct marketing services”.
The Irish company, who sells consumer reports in Australia, has been slammed for questionable practices.
The company has been sharing the personal information of millions of people without consent and must stop, the UK’s information commissioner ruled.
The data, which was primarily collected offline, was used by commercial organisations, political parties and charities to “find new customers and build profiles about people”, the investigation revealed.
The company sold on the data to businesses that used it to identify who could afford goods and services, as well as to political parties.
The company must make “fundamental changes” to how it handles data or face a huge fine, the watchdog said.
Experian has said it will appeal.
“We believe the ICO [Information Commissioner’s Office]’s view goes beyond the legal requirements,” the Dublin-based firm said in a statement.
“This interpretation also risks damaging the services that help consumers, thousands of small business and charities, especially as they try to recover from the Covid-19 crisis.”
While Experian has made efforts to improve its practices, the ICO said it did not go far enough, according to the BBC.
The company now has nine months to satisfy the regulator or face fines of up to 4% of its global turnover or $36M, whichever is higher.
The two-year investigation was prompted by a complaint from the campaign group Privacy International.
It found that Experian and two other credit reference agencies – Equifax and TransUnion – did a significant amount of “invisible” processing of data, meaning that people did not know it was happening.
All firms provide a way for people to check their credit score for loans and credit cards.
But they are also data brokers, collecting and selling on information gathered from a variety of sources.
Experian failed to clearly explain what they were doing with people’s data, said the ICO, despite this being a requirement of the General Data Protection Regulation (GDPR).
“The data broking sector is a complex eco-system where information appears to be traded widely without consideration for transparency, giving millions of adults in the UK little of no choice or control over their personal data,” said Information Commissioner Elizabeth Denham.