193.6 million automated phone calls without consent lead to maximum fine by the ICO

The Information Commissioner’s Office (ICO), in a decision of 26th February announced today, has fined CRDNN Limited the maximum £500,000 for making more than 193,606,544 automated marketing calls without evidence of consent.

The fine follows two years of investigation after a raid of the company’s premises in Clydebank, Scotland and seizure of equipment and documents in March 2018.

The subsequent ICO investigation revealed that CRDNN Limited was found to be making nearly 1.6 million calls per day about window scrappage, debt management, window, conservatory and boiler sales between 1 June and 1 October 2018, that is after the ICO’s raid!

The calls were all made from so-called ‘spoofed’ numbers, which meant that people who received the calls could not identify who was making them. The company broke the law by not gaining consent from the phone owners to make those calls and by not providing a valid opt out.

CRDNN Limited came to the attention of the ICO when more than 3,000 complaints were made about the nuisance calls.

Andy Curry, Head of Investigations at the ICO, said: “This company affected the lives of millions of people, causing them disruption, annoyance and distress. The volume of calls was immense and to add to people’s frustrations attempting to opt out of those calls simply compounded their receipt of further calls.

“The directors of CRDNN knowingly operated their business with a complete disregard for the law. They did all they could to evade detection, from changing and not updating address details to transferring their operation abroad and attempting to go into liquidation. That’s why their conduct called for the maximum fine possible under the law.”

CRDNN Limited has been issued with an enforcement notice ordering it to comply with the Privacy and Electronic Communications Regulations laws within 35 days of receipt of the notice.

The company has a right of appeal to the First-tier Tribunal (Information Rights), part of the General Regulatory Chamber.

The Monetary Penalty Notice gives all the details of the investigation, including why the ICO found the company to have contravened the law in a “deliberate” manner [para.48] and why there were no significant mitigating factors in this case.

PL&B Comment: It is noteworthy that this rare maximum fine is despite the Information Commissioner statement that she “has decided that it is unlikely that actual damage has been caused in this instance.” [Enforcement Notice para.19] The decisive factor behind the decision to impose the maximum fine was that the company continued to make millions of automated calls after the ICO’s raid and confiscation of documents and equipment. Therefore, its infringement of the law was “deliberate.”

The ICO’s Enforcement Notice