(Reuters) – Experian EXPN.L intends to appeal the British data watchdog’s order to fundamentally change its handling of people’s personal data, after a probe found that it and two other comanies were using such information for direct marketing services without public knowledge.
The Information Commissioner’s Office (ICO) said on Tuesday its enforcement notice came after a two-year investigation into how Experian, Equifax EFX.N and TransUnion TRU.N used personal data within their data broking businesses for direct marketing purposes.
This resulted in products used by commercial organisations, political parties or charities to find new customers and build profiles about people, the ICO said.
Experian shares pared earlier gains to trade slightly lower following the news.
“We believe the ICO’s view goes beyond the legal requirements. This interpretation (of General Data Protection Regulation) also risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis,” Experian said.
The regulator said it was not taking action against Equifax and TransUnion as they made improvements and withdrew some products and services, while Experian did not make enough progress in improving compliance.
The ICO said Experian has to make changes within nine months or risk further action, which could include a fine of up to 20 million pounds ($26.07 million) or 4% of its total annual turnover.
Reporting by Tanishaa Nadkar in Bengaluru; Editing by Ramakrishnan M.