ICO fines Leave.EU and Eldon Insurance £120,000 for data privacy violations

ICO fines Leave.EU and Eldon Insurance £120,000 for data privacy violations

ICO fines Leave.EU and Eldon Insurance £120,000 for data privacy violations

The Information Commissioner’s Office (ICO) has fined Leave.EU and Eldon Insurance a total of £120,000 after concluding that Leave.EU used personal data of Eldon Insurance customers to send up to 300,000 political marketing messages.

An investigation launched by the ICO last year has resulted in the conclusion that both Leave.EU and Eldon Insurance used personal data of each other’s subscribers to send hundreds of thousands of direct marketing and political marketing messages without obtaining sufficient consent from targeted subscribers.

Customer data used for direct marketing messages: ICO

On these counts, the ICO fined Leave.EU £45,000 an Eldon Insurance £60,000, stating that the systems for segregating the personal data of insurance customers’ from that of political subscribers’ were ineffective. It also announced that an audit team will soon analyse the data protection practices of both firms and its findings will be made public at the conclusion of its work. Leave.EU was separately fined  £15,000 for sending almost 300,000 political marketing messages to Eldon Insurance subscribers.

These fines were issued under the Privacy and Electronic Communications Regulations 2003 which authorises the ICO to issue fines of up to £500,000. As the said violation took place prior to the arrival of GDPR, both firms may have escaped much larger fines for accessing personal data of citizens unlawfully.

“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened. We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information,” said Information Commissioner Elizabeth Denham.

Brexit campaigners regularly violating data privacy laws

Last year, the ICO had also issued an enforcement notice to a data analytics firm named AggregateIQ for harvesting personal data of UK citizens for political campaigning purposes “without due legal or ethical consideration of the impacts to our democratic system”.

The ICO noted that AggregateIQ processed data of UK citizens on behalf of political organisations such as Vote Leave, BeLeave, Veterans for Britain, and the DUP Vote to Leave and that it used personal data obtained from these political organisations to target individuals with political advertising messages on social media.

According to BBC, AggregateIQ “was paid nearly £2.7m ($3.6m) by Vote Leave to target ads at prospective voters during the Brexit referendum campaign”. It also received funding from Northern Ireland’s Democratic Unionist Party and Veterans for Britain, receiving £3.5m in total.

Because of such conduct, the ICO ruled that AggregateIQ has failed to comply with the relevant provisions of GDPR as it processed personal data of UK citizens in a way that data subjects were not aware of, for purposes which they would not have expected, and without a lawful basis for that processing.


Cambridge Analytica fined £15,000 for ignoring ICO’s enforcement notice

ICO fines Emma’s Diary £140,000 for selling personal data to Labour party

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]