The Information Commissioner’s Office might have been flexing its regulatory muscle over the past month, with major, albeit significantly reduced, GDPR fines for British Airways and Marriott International, but it is still failing to get most culprits to actually cough up.
Some 12 months ago, the SMS Works revealed over £7m in ICO fines issued for breaches of data protection and telemarketing laws over the previous four years remained unpaid – equating to 42% of the total of all the fines handed out.
One year on, the company rifled off another Freedom of Information request to get an update on the status of the unpaid fines.
This reveals that, of the 47 unpaid fines handed out between 2015 and the end of July 2019, the ICO has succeeded in collecting just one more fine, which was issued to Facebook over the Cambridge Analytica scandal.
This is despite the fact the ICO insisted it would deploy debt collection agencies to assist it, as well as the introduction of new laws in December 2018 to make directors personally liable for fines of up to £500,000. At the time, then digital minister Margot James pledged there would be “no hiding place” for rogue directors of marketing firms.
However, it would seem these efforts have been in vain as the total of unpaid fines issued up to July 2019 is £6.55m or 39.4% – and not a single director has been prosecuted under the amendment to the Privacy & Electronic Communications Regulations (PECR), giving the ICO extra powers to pursue individuals.
According to the new SMS Works report, from January 2019 to the end of August 2020, the ICO handed out 21 fines to companies, amounting to £3.2m. However, of this, just nine have coughed up £1.03m, meaning 68% of the total remains unpaid.
And despite the new regulations, many directors are still claiming voluntary insolvency and successfully avoiding payment. Others are even deliberately shutting up shop to avoid paying a fine, only to reopen a new company, and carrying on regardless.
Black Lion Marketing used this tactic when hit with a £171,000 fine in March 2020. Its director, Kurlos Sami Asaad, is a former chief of five other businesses which have been liquidated or dissolved, including AMS Marketing which was wound up by the High Court in May last year after failing to pay a £100,000 fine issued in August 2018.
The SMS Works director Henry Cazalet said: “Effective fine collection remains a major headache for the ICO. It seems the larger the fine, the less likely they will be able to bring it in.
“Many organisations and individuals will do all they can to avoid paying a fine of over £100,000. The larger the fine, the more extreme the measures individuals are prepared to take.
“It raises the question of whether issuing smaller and more realistic fines might be a sensible strategy. Large fines only act as a deterrent if they can be collected and too often, this just isn’t the case.”
Marriott hammers down GDPR fine from £99m to £18m
BA ‘humiliates’ ICO by slashing £183m fine to £20m
‘Reckless’ firm called 270,000 consumers on the TPS
At last, ICO issues the first PECR penalty in six months
Rogues go free as nuisance call crackdown is sidelined
Half of last year’s £2m fines for PECR breaches unpaid
Show us the money: £7m in ICO fines still outstanding
Bungalow blight: High Court winds up rogue call firm
Minister: ‘No hiding place’ for rogue cold call directors
Facebook finally pays ICO fine but accepts no liability
Facebook finally hit with maximum £500,000 data fine