The politics of personal data and its misuse under GDPR

07 Nov 2018

Leave.EU, Arron Banks and Eldon Insurance (a company founded by Mr Banks) face Information Commissioner fines of £135,000 Data Law breaches. 

The report of the Information Commissioner’s Office (ICO) are part of the ongoing Information Commissioner probe into use and misuse of data by political campaigns and many will recall the writer’s recent posts on the Cambridge Analytica scandal.

The ICO alleges that over 1 million emails sent to subscribers of Leave.EU contained marketing for Eldon’s ‘GoSkippy’ services. The Emails were initially sent in August 2016 just after the Brexit referendum and continued to be sent for another 12 months thereafter. What you cannot do, as an organisation which controls or handles personal data given to you for one purpose, is to use it for another, unless there is a lawful reason for you to do so. The most common lawful reason is the consent of the person to whom the personal data belongs.

It is important to note, and proper to do so, that Mr Bank continues to deny the allegations. Mr Banks commented that the ICO had found that: 

"We may have accidentally sent a newsletter to customers" but "no evidence of a grand data conspiracy".

He continued:  

"Gosh we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?”

However Mr Banks unfortauntely misses the point. Data does not belong to the organisation that controls the personal data, the data belongs to the person concerned.

The report throws light on and describes the ‘close relationship’ between Eldon Insurance and Leave.EU. As matters stand, Eldon and Leave.EU face fines of £60,000 for sending these emails. In addition to the £60,000 fine, Leave.EU faces a £15,000 penalty for sending Eldon customers newsletters from Leave.EU.

The report says Eldon admitted to the ICO to one incident where a Newsletter from Leave.EU was emailed to Eldon customers, but said that this was due to an error in an email distribution management system. Eldon stated:

"We established that this incident occurred on 16 September 2015, when Leave.EU marketing staff sent an email newsletter, intended for Leave.EU subscribers, to more than 319,000 email addresses on Eldon's customer database."

And continued: 

"We are investigating allegations that Eldon Insurance Services Limited shared customer data obtained for insurance purposes with Leave.EU."

The ICO continues to investigate and has yet to reach a conclusion on other allegations relating to the company's overall handling of personal data.

This is a reminder that the duties on Data Controllers under GDPR (the General Data Protection Regulations) can be strict, and organisations must be careful that they have in place systems designed to prevent accidental loss of information. Furthermore, Data Controllers need to be very cautious. Just because you have someone’s permission to use their data for selling them goods and services, does not eman you can then use that information for purposes for which permission has not been given. 

With the fines now available under GDPR, which came into force on 25th May this year, Data Controllers need to put personal data at the heart of their Information Technology and Security Protocols. If caution is thrown to the wind, it could result in a potentially substatial fine as we have seen in the instance above, with there now being two tiers of fines that can be levied as penalties for non-compliance: 

The lower tier: up to €10 million, or 2% annual global turnover – whichever is higher. 
The higher tier is up to €20 million, or 4% annual global turnover – whichever is higher.

Further reading

The meaning of vacant possession – useful guidance from the Court of Appeal

Blog, Legal Updates
Cheraine Williams considers the facts of a recent case but urges tenants not to rely solely on the outcome
Read more Read

Employer's question: the right to appeal a redundancy dismissal

It is common practice to offer the right to appeal against a redundancy dismissal. If you are considering not doing so, tread carefully.
Read more Read

Can I disinherit my children?

"American Pie" hit maker, Don McLean, is said to have disinherited his daughter after her claims of emotional abuse. Is it really that easy?
Read more Read

DMH Stallard Corporate team wins major industry award

Blog, News & PR
Private Equity / Venture Capital Deal of the Year 2021 awarded to deal led by Abigail Owen
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch