UK data watchdog the Information Commissioner’s Office (ICO) has fined pro-Brexit campaign group Leave.EU and associated insurance company Eldon Insurance a combined £120,000 for breaching data protection laws during the Brexit referendum.

The ICO issued its intent to fine the two firms in November 2018 as part of a wider investigation into data misuse for political means.

After further investigation, the ICO has upheld two of the three fines. One amount has been changed.

Eldon Insurance, trading as GoSkippy, is owned by Brexit financier and Leave.EU co-founder Arron Banks.

The ICO’s investigation found that Leave.EU unlawfully used Eldon Insurance customer details to send nearly 300,000 political marketing messages and described systems for segregating the two databases as “ineffective”.

As a result, Leave.EU has been fined £15,000.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

The ICO said that Eldon Insurance “carried out two unlawful direct marketing campaigns”.

The insurance company sent over one million emails to Leave.EU subscribers without sufficient consent.

For this breach, Leave.EU has been fined £45,000, while Eldon Insurance has been hit with a £60,000 fine.

The two firms are now subject to an audit, giving the ICO access to Leave.EU and Eldon’s joint offices, documents and staff.

In addition to these charges, the ICO has issued Eldon Insurance an enforcement notice that orders the firm to take steps to comply with electronic marketing regulations.

Leave.EU fined: Data misuse “deeply concerning”

Elizabeth Denham, Information Commissioner said:

“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened.

“We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information.”

The ICO’s investigation into Brexit data misuse, as well as the 2017 General Election, was triggered in early 2017 by the Observer’s discovery that political consulting firm Cambridge Analytica illegally used data to target Leave voters.

Read more: Democracy undermined: Extent of Brexit data misuse revealed by ICO report