Arron Banks and Leave.EU fined £135,000 over data protection breach

Brexit campaign backer Arron Banks' insurance company and the Leave.EU campaign have been fined £135,000 by the UK Information Commissioner’s Office on Tuesday for data misuse during the 2016 referendum.

The prospective fine follows an investigation into the misuse of personal data from subscribers of the political campaign. The report says more than a million emails were sent to the marketing mailing list of Banks’ Eldon Insurance and GoSkippy companies.

ICO said both Leave.EU and Eldon Insurance face fines of £60,000 for the emails sent in August after the referendum and the following year.

Leave.EU also faces a £15,000 fine for a separate "serious" breach after emails were sent to Eldon customers containing a newsletter for the Brexit campaign group.

According to ICO, Leave.EU admitted to making a mistake and sending a newsletter to Eldon customers due to an error in managing an email distribution system.

"We established that this incident occurred on 16 September 2015, when Leave.EU marketing staff sent an email newsletter, intended for Leave.EU subscribers, to more than 319,000 email addresses on Eldon's customer database.”

Both fines are currently at the “notice of intent” stage, allowing Banks’ organisations enough time to appeal or file countering evidence.

The news comes a week after the National Crime Agency announced that it would begin an investigation into Leave.EU’s financing following a referral from the Electoral Commission.

The report also says that they are "still looking at how the Remain side of the referendum campaign handled personal data, including the electoral roll, and will be considering whether there are any breaches of data protection or electoral law requiring further action".

The ICO has also sent formal warnings to 11 political parties, the Conservatives, Labour, Lib Dems, Greens, SNP, Plaid Cymru, DUP, Ulster Unionists, Social Democrat, Sinn Féin and Ukip, "detailing the outcome of our investigation and the steps that needed to be taken. We required them to report on the actions taken within three months.”

The ICO hopes for the creation of a statutory code of practice that regulates the use of personal data in political campaigns. It urges political parties, campaign groups, electoral candidates, data brokers and companies to draw the new rule set before the next general election.

DCMS committee chair and MP Damian Collins said: “On Facebook, I welcome the Information Commissioner’s comments that the platform needs to change and take much greater responsibility, and her call for Facebook to be subject to stricter regulation and oversight. It is noted that she thinks it would be ‘very useful’ for Mark Zuckerberg to appear in person to answer questions from my committee.

“My committee has called for a tech levy on companies to pay for digital literacy and education – I’m encouraged to hear her endorse this as a ‘fine idea’.

“Looking to the future, we hear loudly the opinion of the Information Commissioner that the time for self-regulation is over and a time of accountability is here where parliament sets the objectives and outcomes for social media companies to follow, rather than the regulator taking on individual complaints," he added.