The First-Tier Tribunal (Information Rights) has ruled on the ICO’s action to require Experian Limited to change how it handles people’s personal data. The Judgment supported aspects of the ICO's decision, while allowing Experian’s appeal in other areas.
The Tribunal found, in support of the ICO, that Experian had not processed the personal data of over 5 million individuals transparently, fairly or lawfully because it failed to notify them that it was processing their data for direct marketing purposes. However, it rejected the ICO’s view that Experian’s privacy notice was not transparent, that using credit reference data for direct marketing purposes was unfair, or that Experian did not properly assess its lawful basis.
The ICO will take stock of today’s judgment and carefully consider next steps, including whether to appeal.
“The credit reference agency industry holds data on almost every adult in the UK. Information is screened, traded, profiled and enhanced to provide direct marketing services, and that process must happen in line with the law and in an open and honest way.
“Since we began our work with credit reference agencies, we’ve seen companies make significant changes to improve how they respect people’s information rights, notably being clearer in how data is used.”
- Stephen Bonner, ICO Deputy Commissioner
Today’s ruling follows a hearing that took place over a six-day period on 17, 19-21, 31 January and 11 February 2022. The Commissioner has been granted permission to appeal the Judgement.
The ICO issued the Enforcement Notice to Experian Limited in October 2020 following a two-year investigation into how the company and two other major credit reference agencies (CRAs) were using the personal information of UK adults for direct marketing purposes.