The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Case Study Two

Gaelic Telecom / Global Windows: Cold calling

I received a number of complaints from the public last year concerning unsolicited calls from Gaelic Telecom, a telecommunications service provider. Of particular concern to me was the fact that many of the complainants were telephoned by Gaelic Telecom even though their preference not to receive direct marketing calls had been recorded on the National Directory Database opt-out register.

My Office contacted Gaelic Telecom in relation to the complaints received. We were informed by the company that, prior to the telephone calls being made, the complainants had received a letter on behalf of their local GAA club asking them to accept a call from Gaelic Telecom. The letter offered them an 'opt-out' which, if responded to, would have removed their number from the database and thereby ensured that no call was made. The company also explained that it sourced details of telephone subscribers on behalf of GAA clubs from club lists, member lists, supporter lists and publicly available databases for the local parish. In some instances, it sourced details through a third-party provider of address lists. Gaelic Telecom provided my Office with a sample copy of a typical letter which issued to telephone subscribers under the name of a local GAA club. The letter offered reduced call charges, discounted line rental and broadband. The local GAA club was guaranteed 15% of call charges incurred by the subscriber every month.

I was particularly disappointed to find that, for the first four months of 2006, Gaelic Telecom had not been checking its direct marketing database against the National Directory Database opt-out register (the register was put in place in 2005). In fact when first approached by my office on this point it didn't seem to even be aware of the existence of the NDD and the requirement to ensure that the numbers phoned were not on the NDD opt-out register.

Over a number of months, my Office adopted a proactive approach to this issue and engaged in intensive communications with the company concerning the complaints received and the remedial measures required. These communications included two meetings with company representatives. We advised them that where the GAA clubs provided lists of members who had given explicit consent to receive marketing calls from Gaelic Telecom, there was no need to check such lists against the NDD. At our request we were provided with revised procedures designed to address shortcomings in their systems. We also asked the company to consider, as a matter of good customer practice, placing an advertisement in the national newspapers to apologise to the public for making unsolicited calls. The company chose not to follow this advice but offered to apologise individually to those who had complained.

As a result of the complaints from the public and my Office's subsequent investigation, I am pleased to report that we have received no further complaints of substance against Gaelic Telecom to date. This demonstrates the important role of the general public in alerting my office to cases of noncompliance. In this case, complaints from members of the public about Gaelic Telecom's unacceptable practices prevented unlawful direct marketing of other individuals. While I was satisfied with the overall outcome of the case, I was disappointed that Gaelic Telecom did not publicly apologise for their actions. This reflects a somewhat dismissive attitude to the privacy rights of those people whose preference not to receive direct marketing was infringed.

I received a number of complaints last year concerning direct marketing telephone calls made by Global Windows to people whose names had been recorded on the NDD opt-out register. On investigating this matter, my Office found that Global Windows had been purchasing marketing lists from a third party but the company was not checking the names on those lists against the names on the NDD opt-out register. In response to my Office's intervention, the company suspended marketing operations until it reviewed and improved its internal procedures. Following its review, Global Windows contracted to purchase the NDD opt-out register and it installed a new computer programme to enable it to check its marketing databases against the opt-out register. Despite its efforts to become compliant with the requirements of the data protection legislation, I was disappointed to find that one of the company's telemarketing agents subsequently used an old database to phone a number of people, including a person who had previously complained to my Office. This was a most unsatisfactory development and it demonstrated the critical importance of deleting out-of-date databases. Global Windows acknowledged its error and immediately deleted all old databases to ensure there was no recurrence. Marketers must comply with the requirements of the data protection legislation. In that regard, it is essential that they check their marketing lists against the NDD opt-out register on a fortnightly basis to ensure that the wishes of people recorded on that register are respected. The use of out-of-date marketing lists is an unacceptable practice that is likely to result in a marketer committing an offence.