On July 6, 2023, the Colombian data protection authority (SIC) announced its decision, in which it imposed a fine of COP 1,306,289,600 (approx. $309,072) and issued a corrective order on Comcel S.A. y Operadora de Pagos Moviles de Colombia S.A.S. (Claro), for violating Statutory Law 1581 of 2012 (October 2017) Which Issues General Provisions for the Protection of Personal Data (the Data Protection Law).

Findings of the SIC

The SIC found that Claro had breached the Data Protection Law for failure to implement adequate and sufficient measures to obtain referral telephone numbers from its customers via the marketing campaign 'Friends who reward you,' with prior, express, and informed consent of the data subjects.

Outcomes

In light of the above, the SIC imposed the abovementioned fine, the highest ever issued by SIC to date, on Claro, and ordered the same to:

• refrain from continuing to use the databases collected during the 'Friends who reward you' marketing campaign;
• proceed with the elimination of the databases associated with this campaign; and
• cease all types of activity in which it collects personal data, without the authorization of its owner, through this type of commercial strategies, where third parties are used for the collection of personal data for commercial purposes.

You can read the press release, only available in Spanish, here.