Hundreds of thousands of campaign emails promoting the Leave.EU Brexit campaign were sent to customers of a company owned by Arron Banks, in a serious breach of data law.
In a major report published by the UK’s Information Commissioner on Tuesday, Elizabeth Denham confirmed that a Leave.EU newsletter was sent to more than 319,000 email addresses on Banks’ Eldon Insurance company database in the run up to the referendum.
The group, co-founded by Banks, did not have the consent of subscribers for more than 296,500 unsolicited marketing emails it sent, the investigation found.
While Eldon faces a £15,000 fine for the incident, the insurance company and Leave.EU face additional fines of £60,000 each for another serious breach of data law uncovered by the Information Commissioner’s Office.
During two separate campaigns, Leave.EU sent emails to their subscribers promoting Banks’ business, which trades under the name GoSkippy, Denham and her team revealed.
Between February and July 2017, Leave.EU sent more than a million emails to its subscribers which included the GoSkippy banner and a discount offer.
Meanwhile, a single email announcing a sponsorship deal with GoSkippy was sent to 49,000 email addresses in August 2016.
Hitting back on Twitter, Banks appeared to dismiss the seriousness of the claims, writing: “Gosh we communicated with our supporters and offered then a 10% Brexit discount after the vote! So what?”
But giving evidence to parliament’s inquiry into fake news on Tuesday, Denham told MPs she had “concerns about ongoing misuse of personal data” at Banks, Eldon Insurance and Leave.EU.
“We need to look at whether the processes are working to be able to separate the data from political campaigning and from insurance use,” she said, adding that fines issued by her office could be “significantly higher” if breaches are still going on.
The Information Commissioner wrote in the report that her investigation into the use of data analytics in political campaigns had uncovered a “disturbing disregard for voters’ personal privacy”.
“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or in the US election campaigns,” she said.
“But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”
The data watchdog is also looking into how the Remain campaign handled personal data “and will be considering whether there are any breaches of data protection or electoral law requiring further action”.
Meanwhile, Denham has called on the government to offer the UK a data privacy regime “fit for purpose in the digital age, warning that voluntary moves by online company are not enough to solve the problem.
“Our investigation uncovered significant issues, negligence and contraventions of the law,” she continued. “Now we must find the solutions.
“What can we do to ensure that we preserve the integrity of elections and campaigns in future, in order to make sure that voters are truly in control of the outcome?
“Updated data protection law sets out legal requirements and it should be government and regulators upholding the law. Whilst voluntary initiatives by the social media platforms are welcome, a self-regulatory approach will not guarantee consistency, rigour or public confidence.”