After an 18-month investigation into use of personal data, information commissioner presents report to parliament

Credit: PA

The Information Commissioner’s Office investigation into the use of personal data in political campaigns uncovered a “disturbing disregard for voters’ personal privacy” and “significant issues, negligence and contraventions of the law”.

Commissioner Elizabeth Denham said her office had “little idea of what was to come” when it began its investigation into the use of data analytics for political purposes in May 2017. The ICO this week presented to MPs a report of its findings.

The report flagged up concerns about political parties purchasing marketing lists and using profiling information and third-party analytics companies without checking that proper consents are in place.

It notes that warning letters requiring action have been sent to the 11 main political parties in the UK ahead of planned audits later this year.

Parties will be required to show they have carried out data protection impact assessments for all projects involving the use of personal data.

Related content

• Bursting the bubble – the ethics of political campaigning in an algorithmic age
• ICO to make ‘clear policy recommendations’ in light of Facebook data probe
• MPs team up with Canadian counterparts in final attempt to grill Zuckerberg

Earlier this year, the ICO issued Facebook with the maximum penalty of £500,000 fine for breaking data protection law, and it is pursuing a criminal prosecution against Cambridge Analytica, which has gone into administration, for failing to respond to an enforcement notice.

Canadian company AggregateIQ, which was linked to the Facebook and Cambridge Analytica scandal, was issued with an enforcement notice in July requiring it to stop using UK personal data or risk a significant fine under EU GDPR rules.

This week, it was announced that Leave.EU and controversial Brexiteer Arron Banks’ insurance company are to be fined a total of £135,000 ICO for misusing customer data during the EU referendum.

Leave.EU and Eldon Insurance will each be fined £60,000 for “serious breaches” of the 2003 Privacy and Electronic Communications Regulations.

It comes just a week after it was announced that Arron Banks is being investigated by the police over the source of a £8m loan to the Leave.EU campaign.

The ICO found that more than a million emails with marketing for Bank’s firm, Eldon Insurance, which trades GoSkippy, were sent to Leave.EU subscribers without their permission.

Leave.EU will also be fined a further £15,000 for sending 300,000 emails to Eldon Insurance customers containing a Leave.EU newsletter.

In the report, the ICO said it was also looking at how the Remain campaign handled personal data and considering whether there had been any breaches that would require further action.