On 18 March 2021, the Romanian DPA announced a fine of RON 10,000 (approx. EUR 2,000) was imposed against a controller in the banking sector for carrying out unlawful SMS advertising.
The investigation was launched following the receipt of a complaint claiming the said controller used the data subject’s telephone number for sending unsolicited commercial communications.
Following the investigation, the DPA concluded that the controller was unable to demonstrate obtaining valid prior consent for sending such communications, thus breaching the national law transposing the ePrivacy Directive. In addition, the DPA found that the concerned data subject had previously exercised, repeatedly, the right to object to the processing of personal data for marketing purposes.