Information Commissioner to fine Leave.EU and Arron Banks’ firm for misuse of customer data
Marketing emails were sent promoting Eldon Insurance and the Leave campaign without recipients’ permission
Arron Banks - Image credit: Stefan Rousseau/PA Wire/PA Images
Leave.EU and controversial Brexiteer Arron Banks’ insurance company are to be fined a total of £135,000 by the Information Commissioner’s Office (ICO) for misusing customer data during the EU referendum.
Leave.EU and Eldon Insurance will each be fined £60,000 for “serious breaches” of the 2003 Privacy and Electronic Communications Regulations.
It comes just a week after it was announced that Arron Banks is being investigated by the police over the source of a £8m loan to the Leave.EU campaign.
The ICO found that more than a million emails with marketing for Bank’s firm, Eldon Insurance, which trades GoSkippy, were sent to Leave.EU subscribers without their permission.
Leave.EU will also be fined a further £15,000 for sending 300,000 emails to Eldon Insurance customers containing a Leave.EU newsletter.
Eldon has been issued with an enforcement letter by the ICO, which will follow it up with a further audit.
The ICO said: “We are investigating allegations that Eldon Insurance Services Limited shared customer data obtained for insurance purposes with Leave.EU.
“We are still considering the evidence in relation to a breach of principle seven of the DPA1998 [Data Protection Act 1998] for the company’s overall handling of personal data.
“A final decision on this will be informed by the findings of our audit of the company.”
The details of the fines are included in a report on the use of personal data in political campaigns, which has been presented to MPs today.
In the report, the ICO said it was also looking at how the Remain campaign handled personal data and considering whether there had been any breaches that would require further action.
Information commissioner Elizabeth Denham said the ICO had had “little idea of what was to come” when it began its investigation into the use of data analytics for political purposes in May 2017.
The investigation had uncovered a “disturbing disregard for voters’ personal privacy” and “significant issues, negligence and contraventions of the law”, she said.
The report mentions concerns about political parties purchasing marketing lists and using profiling information and third-party analytics companies without checking that proper consents are in place.
It notes that warning letters requiring action have been sent to the 11 main political parties in the UK ahead of planned audits later this year.
Parties will be required to show they have carried out data protection impact assessments for all projects involving the use of personal data
Earlier this year, the ICO issued Facebook with the maximum penalty of £500,000 fine for breaking data protection law, and it is pursuing a criminal prosecution against Cambridge Analytica, which has gone into administration, for failing to respond to an enforcement notice.
Canadian company AggregateIQ, which was linked to the Facebook and Cambridge Analytica scandal, was issued with an enforcement notice in July requiring it to stop using UK personal data or risk a significant fine under EU GDPR rules.
The biometrics commissioner would monitor how the police use forensic data such as fingerprints and DNA samples
The Scottish CAB network reported a 113 per cent increase in the number of people reporting scams
The Scottish Parliament’s Justice Sub-Committee on Policing said the legal basis of using cyber kiosks must be clarified before they are introduced
Social media companies will face massive fines or being blocked from the UK altogether if they fail to remove harmful or illegal content from their platforms
Vodafone explores some of the ways IoT is significantly improving public sector service delivery
With the annual worldwide cost of cybercrime set to double from $3tn in 2015 to $6tn by 2021, BT offers advice on how chief information security officers can better...
BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.