Summary
Note: The captioned title reflects an Spanish saying used to indicate that, sometimes, those living out of a profession or activity, foolishly neglet using or applying their specific know-how or mastery for their own benefit. (En casa del herrero, cuchillo de palo).
Implication: In the already overregulated galaxy of the Information Technology (IT), not only the corporate world but also the Mom & Pop corner shop and even IT Legal Gurus, must be extremely watchful of their own smallest moves and doings if they want to avoid painful penalties.
Analysis
The Spanish Law Firm of “Cremades & Calvo Sotelo” holds themselves as legal experts in “New Technologies”, to the point of organizing/promoting courses and granting Masters degrees in these fields.
Around September 2004, the firm e-mailed commercial messages to 2,670 addressees included in their contact database, advertising one of these courses. The messages sent did not include the opportunity to their addressees to object the processing and/or use of their personal data for advertising and commercial offerings through e-mailings or otherwise.
One recipient, who rejected the courses offered and asked to have his personal data permanently deleted from the firm’s database, received a second unsolicited offer few days later.
He then complained to the Spanish Data Protection Agency, alleging infringement of Art. 21 of Law 34/2002 (on Information Society Services and Electronic Commerce) which forbids the distribution of unsolicited commercial offers via e-mail unless expressly consented by the addressee or covered by previous contractual link between the parties, and of Art. 6.1. of Law 15/1999 of Personal Data Protection, which requires the unequivocal consent of the subject regarding the treatment of his personal data.
The Agency fined the Law Firm for the first infringement in the amount of 30,000 Euros and dismissed, on technical grounds, the second one which could, otherwise, have been penalized with 60,000 Euro.
Although the Law Firm appealed against the decision, looking at the statistics made public by the Administration, the chances to succeed seems scant considering that the Court of Justice has overturned only the 83% of the fines applied by the Agency.
During 2005, and regarding the private sector, the Spanish Data Protection Agency opened 2,595 cases related to personal data protection, and 1,435 more concerning infringements in the field of electronic commerce, imposing fines totalling 21 Million Euros, with a growth of a 30% compared with the previous year. The biggest fine applied so far, in 2005, amounted to 450,000 Euros out of the 600,000 Euros which currently marks the ceiling permitted by the Law.
The bottom line message to anybody having to handle a bunch of contacts, addresses or personal data is to be extremely careful; otherwise the simplicity of the proceedings -and the practically zero cost required to complain to the Agency charged with the role of watchdog- may easily inflict a painful punch to the infringer’s pocket.
Analyses are solely the work of the authors and have not been edited or endorsed by GLG.
