The data of almost every adult in the UK has been used illegally

Share on facebook
Share on twitter
Share on linkedin

Earlier this year, the Information Commissioner’s Office (ICO) reported a huge data protection failure. A violation that could be the biggest data privacy scandal to date – and it is highly likely that you are affected. But, amid the Covid-19 pandemic, the story went largely unnoticed.

So, what happened, and what can you do about it?

In October 2020, the ICO ordered credit reference agency Experian to change the way it handles personal data in direct marketing services. The command followed a two-year investigation by the ICO into how Experian, Equifax and TransUnion use personal data for marketing purposes.

The ICO’s investigation discovered that Experian, Equifax and TransUnion were found “trading, enriching and enhancing people’s personal data without their knowledge”. This is a breach of data protection law.

The ICO also said that “the data of almost every adult in the UK was, in some way, screened, traded, profiled, enriched, or enhanced to provide direct marketing services.[1]” So this could be the most significant data protection violation in history.

Have you been profiled without your knowledge?

The practices uncovered by the ICO included taking personal data from the electoral roll and supplementing it with other information about an individual to build a more complete data profile. The credit agencies then sold these reports to commercial organisations, political parties, or charities for marketing purposes. In some cases, the credit agencies incorporated an individual’s credit rating into their profile, so organisations knew who could afford their products/services.

According to the ICO, “significant ‘invisible’ processing took place, likely affecting millions of adults in the UK. It is ‘invisible’ because the individual is not aware that the organisation is collecting and using their personal data.”

Following its investigation, the ICO raised concerns with all three credit agencies. In response, Equifax and TransUnion made the necessary improvements/changes. However, Experian did not accept the ICO’s instructions.  As a result, Experian has been issued with an enforcement notice compelling it to make the changes or risk further action. This could include a fine of up to £20 million.

Experian has said that it will appeal. However, even if it complies, the data of almost every adult in the UK has still been used illegally. And you are most likely affected.

Get justice for this data privacy violation

At Keller Lenkner UK, we help clients make successful data protection claims against companies that have failed in their data protection responsibilities. And, if you have been affected by the Experian data protection violation, we can help you make a no win – no fee group action compensation claim.

A group action allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and make a big organisation take the matter seriously. This increases their chances of settlement or success in litigation.

Multi-claimant specialists, our data protection lawyers frequently represent clients in data breach actions, often against large, well-funded companies.


Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Experian data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin