The Information Commissioner’s Office (ICO) has fined Leave.EU and Arron Banks a combined sum of £120,000, following investigations into the companies’ marketing practices.
The regulator issued three notices of intent and a preliminary enforcement notice after it came to light that the two organisations were not complying with the General Data Protection Regulations (GDPR).
It also announced an audit of the companies jointly trading under the name of Go Skippy Insurance, will be fully audited by the ICO to inspect current data protection practices, while Eldon Insurance has also received an enforcement notice specifying it must take steps to comply with electronic marketing regulations, specifically the use of data analytics for political purposes.
The ICO said Leave.EU and Eldon Insurance were linked and had not sufficiently separated the data from insurance customers and Vote Leave supporters, meaning Eldon Insurance customers were sent political campaigns completely unrelated to the reasons they had opted in to receiving marketing communications.
The ICO’s investigation found that 300,000 insurance customers were sent emails about Leave.EU’s political campaign, resulting in a £15,000 fine for the firm.
However, it was a further two marketing campaigns that resulted in the biggest penalties.
The finance firm used Leave.EU’s data to send more than a million emails about insurance, across two digital marketing campaigns, without consent. For this breach of trust, Leave.EU was fined a further £45,000, while Eldon was lumped with a £60,000 penalty.
“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened,” Elizabeth Denham, Information Commissioner said.
“We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information.”