This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

New Fine for Unsolicited Marketing Messages by Portuguese Data Protection Authority

The Portuguese National Data Protection Commission (CNPD) imposed a fine of 107 thousand euros on Deco Proteste Editores, Lda for sending unsolicited emails for direct marketing.

According to a report from news agency Lusa, the case had origin in a complaint from of a private individual who, between October 11, 2011 and June 5, 2013, received in his personal e-mail dozens of electronic communications with advertising content from Deco Proteste Editores, Lda. without ever having been a client or requesting the sending of electronic communications for direct marketing purposes.

The amount of the fine that the CNPD decided to impose on Deco Proteste Editores, Lda results of the application of fines for the practice of multiple offenses of Portuguese e-privacy law, for not observing the provisions of the law that provides that consent is the only ground of legitimacy for this type of data processing.

Deco Proteste Editores have appealed the decision, dated May 6, 2019, Lda, claiming that they were not the ones sending the marketing messages, as the electronic addresses from which the electronic communications in the complaint were sent did not belong to it and the operators of those sites should be the entities responsible for the processing of the personal data.

The CNPD rejected the argument by stating that the resort to external entities (processors) for the development of marketing campaigns did not exempt them their qualification as controller, as they were the ones defining the purpose of the processing of personal data - marketing campaign directed to potential customers - and established the means for their realization.

The decision therefore states that “the fact that the defendant does not have the database in question does not mean that it is not responsible for the processing of data” and further states that they should, in the choice of the subcontractor, have ensured that the marketing actions taken by the processor were complied with.

Tags

unsolicited emails, fines and penalties, data protection, abreu-advogados