On August 16, 2023, the Personal Data Protection Commission (PDPC) published its decision in Case No. ENF-DNC-221129-0007, in which it issued a warning to an individual for violating the Personal Data Protection Act 2012 (No. 26 of 2012) (PDPA) by sending marketing messages to individuals registered on the Do Not Call (DNC) Registry.

Background to the decision

The PDPC noted that between November 2022 and March 2023, the individual sent approximately 6,120 text messages to 1,224 telephone numbers registered on the DNC Registry.

Findings of the PDPC

The PDPC found that the individual contravened Section 43(1) of the PDPA by:

• not obtaining clear and unambiguous consent from any of the subscribers of the telephone numbers before sending the messages; and
• not confirming if the telephone numbers contacted were listed in the DNC Registry before sending the text messages.

Furthermore, the PDPC concluded that the individual had been acting as an independent real estate salesperson, rather than as an employee, and as such, their actions were not excusable under Section 48 of the PDPA.

Outcome

In determining the appropriate enforcement action, the PDPC highlighted that the individual had complied with Section 44 of the PDPA by identifying the sender of the messages and providing recipients with the option to unsubscribe from the text messages. Additionally, the PDPC noted that the individual was cooperative during the investigation and showed a willingness to comply with the PDPA.

In light of the above, the PDPC issued a warning to the individual.

You can read the press release here and the decision here.