Offbeat

Legal

Can't pay Information Commissioner's fine? No problem! Just liquidate your firm

UK data protection watchdog has a 54% cash recovery rate


The UK's data protection watchdog has recovered only about half the value of fines doled out to dodgy data controllers, and those handed to spam marketing firms are the most likely to remain unpaid.

According to figures released under the Freedom of Information Act, the Information Commissioner's Office has fined companies breaking data protection and marketing laws some £17.8m since 2010 – but just £9.7m has made its way into government coffers, a 54 per cent recovery rate.

The ICO can issue fines to organisations that it finds to be in breach of either the UK's Data Protection Act (DPA) or the Privacy and Electronic Communications Regulations (PECR), which governs marketing emails and calls.

The money is paid into the Treasury's Consolidated Fund (it does not feather the ICO's nest).

Broadly speaking, firms making millions of automated nuisance calls are mostly found to be in breach of PECR, while authorities that lose DVDs full of confidential information, or firms that leave themselves open to hacks, will get slapped with fines under the DPA.

Fines under the DPA tend to be higher than for PECR – the respective modes are £70,000 and £50,000, the median values £85,000 and £75,000.

Just 99.5 million nuisance calls... and KeurBOOM! A £400K megafine

READ MORE

But the highest fine given out under both is £400,000. The body can dish out a maximum penalty of £500,000, although this will increase to 4 per cent of global turnover or €20m under the General Data Protection Regulation (GDPR).

However, the results of the FOI throw the deterrent effect of these larger fines into question.

The requests – submitted by The Register and reader Robert Rijkhoff, who has a long-running campaign against junk mail – asked the ICO how many of the data controllers issued with fines between 2010 and April 2018 have paid up, in full or in part. It was based on the publicly available list of civil monetary penalties on the ICO's website (downloads CSV).

It revealed that some 43 of the 174 data controllers fined during that period have paid back half or less of their fines, and 38 of these have paid back nothing.

Just 14 paid back the full amount, with a further 115 taking advantage of the ICO's early-bird payment discount, where they get 20 per cent off for paying within 28 days. One controller has paid 81 per cent; another, 83.3 per cent.

Most of the unpaid fines were issued for breaches of PECR. Of the 84 fines issued under these rules, which had a total value of £8.5m, about half have not paid more than 80 per cent of the headline fine.

Of the bakers' dozen of companies handed a fine of £200,000 or more under these rules, just one has paid a substantial amount, Newday Ltd, which paid 80 per cent of its £230,000 fine this year.

In contrast, of the 90 DPA fines issued, which came to a total of £9.3m, all but three have been paid, and most of those that hand over the cash doing so within 28 days of being handed the fine.

Big fine? Businesses go Keurboom!

The ICO emphasised that there are a number of reasons for controllers not paying the full fines – an appeal can delay, negate or drop the cost. Christopher Niebel successfully appealed a £300,000 fine in October 2013. Moreover, some organisations choose to pay back in instalments, meaning the exact figures can change regularly.

But the figures clearly show a low recovery rate that goes beyond this, at the heart of which is a problem that has plagued the ICO for years. When faced with a big-bucks fine, some companies will simply choose to go into liquidation to avoid paying out.

This is particularly true of the nuisance call companies that tend to be fined under PECR. Keurboom Communications, which was fined £400,000 in 2017 for making 99.5 million nuisance calls, was in liquidation by the time the fine was announced.

Similarly, after Your Money Rights was fined £350,000 in 2017, the directors immediately sought to dissolve the firm and the fine remains unpaid, while ProDial Ltd was already seeking liquidation when the ICO formally handed down a £350,000 fine in 2016.

And Media Tactics appointed a liquidator in October last year after receiving a £270,000 fine six months earlier. Check Point Claims, which was fined £250,000 in 2016, was dissolved last year.

Neil Brown, tech lawyer at decoded:Legal, said that it was "no particular surprise that the recovery rate is low", especially given the commissioner's public acknowledgment that directors often liquidate their firm and restart under a new name.

ICO calls for director liability

In a bid to tackle this, the ICO has repeatedly asked for powers to hold directors of companies directly liable – something that the government promised the office back in 2016, but is yet to transpire.

"We welcomed the announcement by government in 2016 of a planned change in law to make directors themselves responsible for nuisance marketing," Elizabeth Denham said in a statement sent to The Register about the figures.

"It should have a real deterrent effect on those who deliberately set out to disrupt people with troublesome calls, texts and emails. We hope the law change will come to fruition soon to increase the tools we have to protect the public from this modern menace."

We asked the Department for Digital, Culture, Media and Sport if the plans were still on the table, but it did not give a direct answer, instead saying it was "committed to working with regulators to make sure firm directors are held to account if they breach the rules and will be announcing further detail shortly".

In its FOI response to The Register, the ICO noted that it "will usually attempt to recover assets", including by working with other regulators or the government to take enforcement action against directors.

This includes banning them from acting as a director of another company – an option used this year in the cases of Leah Kimberley Masters, director of Cold Call Elimination (fined £75,000 in 2015), and Tony Ray Abbott, director of Reactive Media Ltd, which was fined £50,000 in 2014.

However, the fact the data controllers still escape without paying the fine arguably undermines the ICO's powers to hand out fines – something that has been made more of in light of the increased fines it can wield under the GDPR.

"Although fines are just one of the mechanisms available to the ICO to encourage compliance with the data protection framework, if they can be dodged easily, they lose their deterrent value," Brown said.

"You can understand why the ICO has been pushing for directors to be personally liable." ®

Send us news
37 Comments

Intel plans immersion lab to chill its power-hungry chips

AI chips are sucking down 600W+ and the solution could be to drown them.

Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

Continue reading

US recovers a record $15m from the 3ve ad-fraud crew

Swiss banks cough up around half of the proceeds of crime

The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

"This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

Continue reading

Lawmakers launch bill to break up tech giants' ad dominance

Running ad auctions while also buying and selling ads may be outlawed for large firms

A bipartisan group of US lawmakers has proposed legislation that would likely force Alphabet's Google, Meta's Facebook, and Amazon to divest portions of their ad businesses.

The bill, called the Competition and Transparency in Digital Advertising Act (CTDA), was introduced on Thursday by Senator Mike Lee (R-UT), with the participation of Senators Amy Klobuchar (D-MN), Ted Cruz (R-TX), and Richard Blumenthal (D-CT).

The bill would prevent large ad companies from participating on different sides of the ad transaction chain. Large ad firms could operate supply-side brokers selling publisher ad space, demand-side brokers selling ads, or ad exchanges connecting buyers and sellers – but not more than one of these.

Continue reading

America bucks global smartphone decline with help from Apple

Cupertino's 51% control is why NA market grew while the world shrunk, says Canalys

Smartphone markets the world over are in decline, but that news doesn't appear to have reached North America, where the market grew by 4 percent in the first quarter of 2022.

Tech market analytics firm Canalys reported that smartphone manufacturers shipped a total of 39m units in North America in Q1 2022, and most of it was driven by Apple, which saw 19 percent growth in Q1 to reach 51 percent of the smartphone market in the US, Canada and Mexico.

Apple may lead the quarter in terms of shipments and market share, but Google was the growth leader: It added 380 percent to its North American market share from Q1 2021 to Q1 2022. Still, that only brought it to 3 percent of the market, putting it in fifth place. 

Continue reading

Export bans prompt Russia to use Chinese x86 CPU replacement

With few options, Russia will look to half-fast chips from Chinese maker

With Russia cut off from foreign processor makers Intel and AMD, the country has been scrambling to switch to more local CPUs and components.

Russia's latest step in securing supply chains for new computers comes in the form of a newly released desktop motherboard designed to support x86-compatible CPUs made by Chinese chip designer Zhaoxin, which is a joint venture between Taiwan's Via Technologies and the Shanghai municipal government.

The new motherboard, called MBX-Z60A, is made by electronics manufacturer Dannie, which has headquarters in Russia and China, according to a machine translation of an article published last week by Russian-language news aggregator Habr.

Continue reading

Acer's TravelMate laptops arrive – complete with Microsoft Pluton chips

MS's TPM tip finally gets a grip – but shh – don't mention the Chromebooks

You can imagine the sighs of relief all round in Redmond, Washington this week as Acer launched its new TravelMate range, which has Microsoft's Pluton silicon built-in.

Continue reading

Ryzen shines with remote management on Qualcomm Wi-Fi kit

Working to compete with Intel as FastConnect comes to AMD-processor-powered PCs

AMD and Qualcomm have rolled out a joint effort that brings remote management capabilities over Wi-Fi for AMD business systems, potentially boosting their appeal for corporate IT departments.

The two companies said they were working together to improve Qualcomm's FastConnect wireless kit for AMD compute platforms based on the Ryzen chips for desktops and laptops. The starting point for this is AMD Ryzen-powered business laptops using Qualcomm's FastConnect 6900 system that delivers Wi-Fi 6 and 6E plus Bluetooth 5.3, supporting Wi-Fi connection speeds up to 3.6Gbps.

Remote management is enabled by the combination of the AMD Manageability Processor now embedded in Ryzen PRO 6000 systems and the FastConnect 6900 system, AMD and Qualcomm said, with support for the DASH client management standard developed by the Distributed Management Task Force (DMTF).

Continue reading

Fastly buys dev platform and web IDE Glitch

CDN biz hopes merger will add a new way to use its edge services

Updated Content delivery network Fastly is purchasing Glitch, the company behind the web-based IDE of the same name.

Glitch is a full-stack platform that officially supports JavaScript, but allows coding in CSS, HTML, and other languages as well. It's designed to operate much like other cloud platforms and is able to run full-stack apps on demand, with Glitch handling all of the hardware and devs allowed to focus on coding.

By being absorbed into Fastly, Glitch vowed that the service will remain unchanged for users. "You're good, we got you. Nothing changes about your apps or your Glitch account," the company said in its announcement. It also said no employees would be lost in the merger.

Continue reading

Start your engines: Windows 11 ready for broad deployment

If you're on Windows 10, and meet requirements, it's ready to rumble... and 22H2 is waiting in the wings

Microsoft has quietly updated its release health dashboard and declared Windows 11 "designated for broad deployment."

Adoption of Microsoft's latest OS stalled in recent months as enthusiasts that could upgrade did, and those who didn't meet Microsoft's draconian list of hardware requirements mostly remained on Windows 10.

A wave of enterprise upgrades is yet to materialize, with many organisations opting to stick with what they know, although the designation of being "broad deployment" ready will make it easier to add the upgrade to the corporate roadmap.

Continue reading

Corporate investments are a massive hidden source of carbon emissions

Just because companies are publicly decreasing carbon footprints doesn't mean their cash isn't doing the opposite

Many large corporations are taking measures to reduce their carbon footprints, but a new report claims that for some, the greatest source of emissions is actually from investments being made with their wealth, and this is undermining their own environmental efforts.

The Carbon Bankroll report highlights the documented carbon dioxide emissions of a number of large corporations and contrasts these with pollutants being generated as a result of the cash and investments held by those companies, comprising cash, cash equivalents, and marketable securities.

In some instances, this figure is greater than the emissions generated by their own business, demonstrating, in the words of the report, that "climate accomplishments are being undermined by a misaligned financial system that is channeling hundreds of billions of corporate US dollars into the carbon-intensive sectors driving the climate crisis."

Continue reading

Iran, China-linked gangs join Putin's disinformation war online

They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg

Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives – according to threat-intel experts at Mandiant.

Additionally, Iranian cyber-campaigns are using Russia's invasion of its neighbor to take aim at Saudi Arabia and Israel, the researchers found.

In a new report published today, Mandiant's Alden Wahlstrom, Alice Revelli, Sam Riddell, David Mainor and Ryan Serabian analyze several information operations that the team has observed in its response to the conflict in Ukraine. It also attributes these campaigns to actors that the threat researchers say are operating in support of nation-states including Russia, Belarus, China and Iran.

Continue reading