Emma’s Diary, a firm providing pregnancy and childcare advice, was recently fined £140,000 by the Information Commissioner’s Office (ICO) for collecting and selling personal data of more than one million people, including new mums, to The Labour Party prior to the 2017 General Election.
According to the ICO, personal data obtained by The Labour Party from Emma’s Diary allowed the party to “send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres”.
Emma’s Diary sold data of 1m mums to Labour Party
Emma’s Diary, also known as Lifecycle Marketing (Mother and Baby) Limited, describes itself as “the most widely circulated mother-and-baby publication, with a circulation of 870,000 copies distributed a year”, and also states in its website that it maintains a database which is used by marketers to pitch their products to new mums.
The firm supplied 1,065,220 personal data records to Experian Marketing Services in May last year as part of an agreement where The Labour Party was listed as the latter’s client. Personal data sold by Emma’s Diary to Experian included names of parents, home addresses, children’s dates of birth, and presence of children up to five years old. Such data was provided to the firm by young mums at the time of online and offline registrations.
“The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent. All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public,” said Elizabeth Denham, the Information Commissioner.
“The ICO is committed to monitoring data brokers, political parties, and online platforms and using new audit and enforcement powers so that the public can have confidence that parties and political campaign groups are complying with the law,” she added.
Personal data more valuable than innovation
Around the same time last year, the ICO found the Royal Free NHS Foundation Trust guilty of sharing 1.6 million patient records with UK-based Google DeepMind to enable the latter to ‘develop and deploy a new clinical detection, diagnosis and prevention application and the associated technology platform’ for the former.
Even though the Trust said it shared nearly 1.6 million ‘partial patient records containing sensitive identifiable personal information’ only for clinical safety tests and for no other purpose, the ICO ruled that the trust failed to adequately inform patients that their data would be used by DeepMind for conducting clinical safety tests.
According to the ICO, the ‘price of innovation didn’t need to be the erosion of legally ensured fundamental privacy rights’ and that deployments of innovative technologies can be completed while adhering to the Data Protection Act. The office added that privacy impact assessments should be carried out compulsorily by NHS trusts before handing over sensitive data to third parties.