• Arts
  • Language Services
  • Furniture
  • Educational Services
  • Private Equity
  • Event Management
  • Nonprofit / Foundation
  • Manufacturing
  • Information Technology
  • Human Resources
  • Hotels and Restaurants
  • Health Care & Pharmaceuticals
  • Media - Broadcast and Publishing
  • Engineering / Construction
  • Food Products, Beverages and Tobacco
  • Petroleum Industry
  • Wholesale and Retail Trade
  • Travel and Leisure
  • Transporting, Moving and Warehousing
  • Telecommunications
  • Security Services
  • Real Estate
  • Marketing and Public Relations
  • Energy
  • Finance
  • Consumer Goods
  • Law Companies
  • Consultancy
  • Architecture
  • Airlines


Record-breaking spam penalty

Company: KPMG Česká republika, s.r.o.

In August of this year, the Office for Personal Data Protection (the Office) imposed the highest fine to date for the repeated unsolicited sending of commercial communications (spam). The company selling second hand cars paid CZK 6 million.

It is illegal for advertisers to harass anyone by sending them unsolicited commercial communications by electronic means without their consent or other legitimate reasons. Under the Act on Certain Information Society Services (the Anti-Spam Act), electronic contacts (e.g. email addresses) may be used for the purpose of disseminating commercial communications by electronic means solely to users who have given prior consent.

An exception to this rule is the use of electronic contacts of the advertiser's customers. If an advertiser has obtained the electronic contact lawfully in connection with the sale of their own products or services, they may use such contacts, to a reasonable extent, for the purpose of sending commercial communications about their own products or services (unless the customer has expressed dissent to this).

The company in question repeatedly distributed commercial communications by electronic means to addressees who neither gave their consent nor were the company’s customers. By doing so, the company breached the above rules and thus committed an offence.

In its rather extensive decision, the Office pointed out several important facts. One of them was that consent must comply with stipulated legal requirements (requirements for consent to the processing of personal data), and its granting must be unambiguously supported. The burden of proof lies solely with the personal data controller, i.e. the disseminator of the commercial communications (the company).

The company sought to support the (purportedly) obtained consent simply by referring to the procedures for obtaining and recording it. However, the Office did not accept this as a sufficient proof of consent having been granted by the specific addressees of the commercial communication.

The Office also justified the unprecedented high fine by pointing out that the misconduct had taken place within a large-scale advertising campaign (involving almost half a million email addresses) and had been systematic and comprehensive (the number of commercial communications sent without a legal title was in the thousands).

Finally, the Office commented on the company's objections regarding the distributor of the communications. If an entrepreneur decides to distribute commercial communications through another entity, they do so at their own risk, since it is primarily their duty to ensure the legality of such an act.

It is clear from the decision that the Office will not overlook any unauthorised sending of commercial communications and is prepared to severely sanction such practices. It is recommendable that advertisers carefully consider which addressees a specific commercial communication is sent to and whether there is a legal title for sending it. At the same time, they should not underestimate the specific form of obtained consent, and its proper record keeping.

Ladislav Karas lkaras@kpmg.cz +420 732 529 392

Martin Čapek mcapek@kpmg.cz

Tags: Finance |

AmCham Corporate Patrons



Are you sure? Do you really want to delete this item?