UK data watchdog the Information Commissioner’s Office (ICO) has fined pro-Brexit campaign group Leave.EU and associated insurance company Eldon Insurance a combined £120,000 for breaching data protection laws during the Brexit referendum.
The ICO issued its intent to fine the two firms in November 2018 as part of a wider investigation into data misuse for political means.
Timeline for Brexit
- February 13, 2019
- February 12, 2019
After further investigation, the ICO has upheld two of the three fines. One amount has been changed.
Eldon Insurance, trading as GoSkippy, is owned by Brexit financier and Leave.EU co-founder Arron Banks.
The ICO’s investigation found that Leave.EU unlawfully used Eldon Insurance customer details to send nearly 300,000 political marketing messages and described systems for segregating the two databases as “ineffective”.
As a result, Leave.EU has been fined £15,000.
The ICO said that Eldon Insurance “carried out two unlawful direct marketing campaigns”.
The insurance company sent over one million emails to Leave.EU subscribers without sufficient consent.
For this breach, Leave.EU has been fined £45,000, while Eldon Insurance has been hit with a £60,000 fine.
The two firms are now subject to an audit, giving the ICO access to Leave.EU and Eldon’s joint offices, documents and staff.
In addition to these charges, the ICO has issued Eldon Insurance an enforcement notice that orders the firm to take steps to comply with electronic marketing regulations.
Leave.EU fined: Data misuse “deeply concerning”
Elizabeth Denham, Information Commissioner said:
3 Things That Will Change the World Today
“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened.
“We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information.”
The ICO’s investigation into Brexit data misuse, as well as the 2017 General Election, was triggered in early 2017 by the Observer’s discovery that political consulting firm Cambridge Analytica illegally used data to target Leave voters.