ICO fines Brexit campaign group £120k over data breaches and plans further audit

Written by Matt Foster on 4 February 2019 in News

Leave.EU hit with penalty by regulator as NCA investigation continues

Credit: Jacob Edward/CC BY 2.0

Brexit campaign group Leave.EU and an insurance firm owned by its founder Arron Banks have been slapped with a six-figure fine by the Information Commissioner’s Office over "serious" data breaches.

Both Leave.EU and Eldon Insurance – which traded as GoSkippy Insurance – were fined £60,000 each after an investigation by the ICO found the two organisations had broken electronic marketing laws.

The fines were originally announced by the ICO in November last year as part of a wide-ranging investigation by the watchdog into the use of data analytics in political campaigns.

The ICO said it Leave.EU and Eldon insurance had been "closely linked", with systems meant to wall off the use of personal insurance data from those targeted with political messages described as "ineffective".

Related content

"This resulted in Leave.EU using Eldon Insurance customers’ details unlawfully to send almost 300,000 political marketing messages," the ICO said in a statement. "Leave.EU has been fined £15,000 for this breach. Eldon Insurance carried out two unlawful direct marketing campaigns. The campaigns involved the sending of over one million emails to Leave.EU subscribers without sufficient consent. Leave.EU has been fined £45,000 and Eldon Insurance has been fined £60,000 for the breach."

As well as slapping the two organisations with the hefty fines – which totalled £15,000 less than the ICO had initially proposed last year – the watchdog confirmed that it was launching a fresh audit into their activities.

Information Commissioner Elizabeth Denham said: "It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened. We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information."

A separate National Crime Agency probe into Leave.EU – which acted as the unofficial Brexit campaign during the 2016 referendum battle – is already underway over suspected electoral law offences.

The agency is looking into the origin of £8m of donations Banks – who has denied any suggestion of unlawful activity – made to the Leave.EU campaign.

Responding to the original ICO fine announcement in November, Mr Banks said there had been "no evidence of a grand data conspiracy".

He tweeted: "Gosh we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?"


About the author

Matt Foster is news editor of PublicTechnology sister publication PoliticsHome, where this story first appeared. He tweets as @mattlpfoster.


Share this page




Please login to post a comment or register for a free account.

Related Articles

ICO set to issue fewer public sector fines to avoid ‘data breach victims being punished twice’
1 July 2022

Penalties for public bodies often impact services – rather than shareholders – according to commissioner John Edwards

Government sets up £20m compensation pot for victims who fought to expose Post Office IT scandal
30 June 2022

Increased funding is set to more than double the money received by those who brought group legal action – with more support to follow

Government urged to commit to devolution to drive innovation and levelling-up
29 June 2022

Think tank report identifies benefits of city mayors, but finds many local officials are frustrated with current interactions with Whitehall

Government seeks ‘better outcomes’ by linking data on homelessness, crime and addiction
27 June 2022

MoJ-led series of pilot programmes aim to better connect information to improve outcomes for those with complex needs