ICO Orders Experian Stop Data Sharing Without Consent


Credit reference agency Experian has been ordered by the Information Commissioner’s Office (ICO) on Tuesday, October 27, 2020, to make “fundamental changes” on how it handles personal data. The organization is ordered to stop data sharing without consent and is facing fines up to £20 million.

According to BBC News, the credit agency has been found sharing personal data of millions of people without obtaining consent before disseminating information.


The company reportedly sold sensitive information to businesses to determine which individuals can avail products and services and what political parties and charities people identified with or supported. Moreover, such trading also used said information to get more customers.

Experian Ordered to Stop Data Sharing Without Consent

The enforcement notice from the United Kingdom watchdog comes two years after it investigated how credit bureaus and agencies leveraged user data for connecting and helping businesses with their direct marketing needs.


In its statement, the ICO revealed that the Privacy International, a campaign group, also reached out to the watchdog regarding data broking in the industry, with particular emphasis on the activities and involvement of Experian and Equifax.

Although the three credit reference agencies made changes in its direct marketing and data broking activities, only Equifax and TransUnion made signficant strides in taking out products and services. This resulted in the firms being exempt from receiving enforcement noticeds or from being subjected to further action by the ICO.

As such, the ICO said that it orders the agency in question “to make fundamental changes to how it handles people’s personal data within its direct marketing services.”

As part of its demands, the watchdog requires Experian to inform individuals that it holds their respective personal information and how it is currently using or how it will use such details for marketing purposes.

Moreover, the credit reference bureau is also ordered to stop using personal information unlawfully collected under GDPR rules by January 2021 and to stop the screening of customers based on their finances.

The enforcement notice given by the Information Commissioner’s Office levies an overhaul in Experian’s system within nine months. Should the credit agency fail to uphold the demands of the UK watchdog, the ICO is set to include a fine of up to £20 million or 4% or the agency’s total revenue.

Meanwhile, Reuters reports that Experian refutes such claims. In a statement, the agency said, “We believe the ICO’s view goes beyond the legal requirements. This interpretation (of General Data Protection Regulation) also risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.”

Following the allegations against it by the UK regulator, Experian said that it will appeal, reveals BBC News.