Efforts to batter companies which break data protection laws are still being hampered by firms that refuse to cough up and those that launch lengthy appeals, with the latest figures revealing that, of the £43,751,000 levied in penalties since January 2019, just £1,215,000 has actually been paid.
According to the Information Commissioner’s Office, of the 31 fines issued over the past two years, more than two-thirds of companies have not paid, with nine companies refusing to cough up and nine appealing their rulings at the First-Tier Tribunal.
From the documents, the status of the ICO’s four GDPR penalties, totalling nearly £40m, is unclear. British Airways’ £20m fine – issued on October 16 2020 – remains unpaid although there are no details about a potential appeal.
Meanwhile, when it comes to Marriott International’s £18.4m penalty, the ICO document shows it has had “partial payment” but does not detail how much and adds that the appeal is “ongoing”.
Ticketmaster’s £1.25m fine and Doorstep Dispensaree’s £275,000 are both confirmed as under appeal.
Now the ICO has pledged to do more to expose the companies which are failing to pay their penalties by issuing quarterly updates on the status of the fines; previously this was only available through Freedom of Information requests.
ICO group manager of investigations Natasha Longson writes in a blog post: “While fines make headlines, very often our work doesn’t stop there. For many reasons, the fines can remain unpaid, but there is often much more we can do to pursue them in the public interest.
“Our latest petition for winding up a company was presented in December for CRDNN which we fined the maximum £500,000 for making 193 million automated nuisance calls.
“In most cases where a fine has not been paid, we work closely with the Insolvency Service. This has been a very successful collaboration and, last year saw eight directors disqualified. Recovering fines from insolvent companies has been slower than usual due to the pandemic’s impact on the courts.
“We take a pragmatic approach to recovery and we support companies and directors in genuine financial hardship, for example agreeing payment plans where appropriate.”
She claims that company directors are becoming increasingly aware of the ICO’s “robust strategy”, adding: “They’re telling us that they want to avoid insolvency and other potential action such as disqualification; making more concerted efforts to pay company fines rather than shutting down their business via liquidation.
“There will always be those who will try to walk away from fines and we’re doing all we can to ensure they pay and limit the risks of further breaches and ultimately protect the public from abuse of their privacy rights.”
Another fine mess? ICO still failing to get rogues to pay
Marriott hammers down GDPR fine from £99m to £18m
BA ‘humiliates’ ICO by slashing £183m fine to £20m
‘Reckless’ firm called 270,000 consumers on the TPS
At last, ICO issues the first PECR penalty in six months
Rogues go free as nuisance call crackdown is sidelined
Half of last year’s £2m fines for PECR breaches unpaid
Show us the money: £7m in ICO fines still outstanding
Bungalow blight: High Court winds up rogue call firm
Minister: ‘No hiding place’ for rogue cold call directors
Facebook finally pays ICO fine but accepts no liability