ICO fines Brexit campaign group £120k over data breaches and plans further audit
Leave.EU hit with penalty by regulator as NCA investigation continues
Credit: Jacob Edward/CC BY 2.0
Brexit campaign group Leave.EU and an insurance firm owned by its founder Arron Banks have been slapped with a six-figure fine by the Information Commissioner’s Office over "serious" data breaches.
Both Leave.EU and Eldon Insurance – which traded as GoSkippy Insurance – were fined £60,000 each after an investigation by the ICO found the two organisations had broken electronic marketing laws.
The fines were originally announced by the ICO in November last year as part of a wide-ranging investigation by the watchdog into the use of data analytics in political campaigns.
The ICO said it Leave.EU and Eldon insurance had been "closely linked", with systems meant to wall off the use of personal insurance data from those targeted with political messages described as "ineffective".
- ICO report finds ‘disturbing disregard for voters’ privacy’ in political campaigns
- Bursting the bubble – the ethics of political campaigning in an algorithmic age
- ICO launches investigation into use of data analytics in political campaigning
"This resulted in Leave.EU using Eldon Insurance customers’ details unlawfully to send almost 300,000 political marketing messages," the ICO said in a statement. "Leave.EU has been fined £15,000 for this breach. Eldon Insurance carried out two unlawful direct marketing campaigns. The campaigns involved the sending of over one million emails to Leave.EU subscribers without sufficient consent. Leave.EU has been fined £45,000 and Eldon Insurance has been fined £60,000 for the breach."
As well as slapping the two organisations with the hefty fines – which totalled £15,000 less than the ICO had initially proposed last year – the watchdog confirmed that it was launching a fresh audit into their activities.
Information Commissioner Elizabeth Denham said: "It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened. We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information."
A separate National Crime Agency probe into Leave.EU – which acted as the unofficial Brexit campaign during the 2016 referendum battle – is already underway over suspected electoral law offences.
The agency is looking into the origin of £8m of donations Banks – who has denied any suggestion of unlawful activity – made to the Leave.EU campaign.
Responding to the original ICO fine announcement in November, Mr Banks said there had been "no evidence of a grand data conspiracy".
He tweeted: "Gosh we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?"
Published in February 2017, the Government Transformation Strategy oulined a bold vision for comprehensive and enduring reform, and set a range of ambitious targets. As we enter the final stretch...
Party alleges that Joan Ryan's actions breached GDPR and the Data Protection Act
After two breaches inside a week, department commissions independent assessment of compliance
Process of assessing use of technology has been 'sub-standard' committee finds