The Conservative Party adds an equivalent ‘Reject’ button after my email to their DPO. But Labour initially refused to acknowledge their non-compliance and invited me to complain to the ICO. After the ICO gets involved, the Labour Party also makes the changes I requested – and the ICO records the matter as an infringement of the law.
Tag: ico
A marketing agency disguised its identity and did not have a functional unsubscribe system in its marketing emails. Additionally, a popular restaurant chain pretended its marketing was a ‘service message’ and a university used dark patterns in its cookies ‘consent’ mechanism.
A controller sent me a marketing email after I signed up for a free trial, but did not give me a choice about this when I signed up. Their cookie banner was also not user-friendly, with no Reject All button available on the first layer. After the controller essentially ignored my complaints, the ICO eventually upheld my complaints and told the controller to add a Reject All button (see their full outcome below). Is the ICO finally doing something about non-compliance with the cookie consent rules?
Under Article 17 of the GDPR, you have the right to have most of your personal data deleted. Data controllers must usually comply with your erasure request within one month. But what data can companies typically keep about you after your request – what about invoices, for example? And what can you do if they don’t comply with your request? I discuss the civil court remedies that were available to me when I found out that a company stealthily kept my sensitive personal data, even though I’d asked for it to be deleted months earlier.
Many companies have some form of loyalty rewards scheme and want you to sign up in exchange for your personal data. This often results in you being pestered with marketing emails trying to get you to buy their products. However, even if you sign up for such a loyalty rewards scheme, you have the right to say no to such marketing emails and your choice must be respected.