The Brexit campaign group Leave.EU and the Eldon Insurance company owned by its founder are facing £135,000 in fines. Information Commissioner Elizabeth Denham has fined both groups £60,000 for “serious breaches” of a law that governs electronic marketing.
Unlawful email marketing
More than a million emails delivered to Leave.EU subscribers contained marketing for Eldon’s GoSkippy services. In the report, Denham said that she uncovered “a disturbing disregard for voters’ personal privacy.”
Leave.EU will face an additional £15,000 fine due to its further breach of email regulations. This is a result of the campaign group sending 300,000 emails to Eldon customers with its Brexit newsletter.
A final decision is yet to be made regarding Eldon’s overall handling of personal data. “We are investigating allegations that Eldon Insurance Services Limited shared customer data obtained for insurance purposes with Leave.EU,” the report stated.
The most complex data protection investigation “ever conducted”
The Commissioner announced the formal investigation into the use of data analytics for political purposes in May 2017. It has since broadened to become the largest investigation of its type by any Data Protection Authority involving social media platforms, data brokers, analytics firms, academic institutions, political parties and campaign groups.
The ICO has described the data protection investigation as the most complex it has ever conducted. At present, over 40 full-time investigators are analysing data from servers both voluntarily surrendered and seized by the body.
The size and scope of the investigation is unprecedented. As a result, referrals have been made to other law enforcement bodies in the UK overseas due to the uncovering some “offences beyond the scope of the ICO’s legal remit.”
The Cambridge Analytica escape
As a result of the case, the ICO has issued data protection warnings to eleven political parties in the UK. The body has also threatened to conduct independent audits of these parties later in the year.
In addition, the ICO has said that Cambridge Analytica would be facing significant fines had it not already closed operations. However, the UK has fined Facebook £500,000 following the disruptive scandal.
Despite receiving the maximum fine, a £500,000 penalty amounts to a mere fragment of Facebook’s 2017 £31.5 billion global revenue. Post-GDPR, the company could have faced a substantially higher fine of up to £1.2 billion.