Leave.EU, a Brexit campaign group, and Arron Banks-owned insurance unit Eldon face fines totalling £130,000 from the UK’s Information Commissioner’s Office (ICO) over violation of data privacy rules.
The ICO, which published its finding following an investigation into the misuse of personal data for political campaigns, stated that both Leave.EU and Eldon Insurance (trading as GoSkippy) breached the Privacy and Electronic Communications Regulations 2003 (PECR) that governs electronic marketing.
The two entities face fines of £60,000 each for sending emails in August 2016 following the referendum and the ensuing year.
What did the Arron banks-owned insurance unit do?
During the course of its probe, launched in 2017, the regulator found that Leave.EU campaign sent political marketing material to customers of Arron Banks’ insurance firm after allegedly obtaining their personal data.
A separate £15,000 fine will be imposed on Leave.EU for an additional violation of PECR regulation 22 as it sent 300,000 emails of Leave.EU newsletter to Eldon customers.
The ICO is probing into allegations that Eldon Insurance Services Limited shared customer data obtained for insurance purposes with Leave.EU.
In the report, Information Commissioner Elizabeth Denham said: “…personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”
Denham also added: “We have used the full range of our investigative powers and where there have been breaches of the law, we have acted. We have issued monetary penalties and enforcement notices ordering companies to comply with the law.”
As part of its response to an information notice, Eldon admitted to one incident where a Leave.EU newsletter was incorrectly emailed to Eldon customers due to an error in managing an email distribution system.
The ICO’s probe involved 71 witnesses, 30 organisations, and more than 700 terabytes of data that is equivalent to 52 billion pages.
The IOC sent warning notices to 11 UK political parties and instructed them to take proper action on data protection. The parties have also been warned of possible audits later in the year.