Two companies have been fined by the UK’s Information Commissioner’s Office (ICO) for using personal data to send emails without consent, in violation of the Data Protection Act of 1998.
The fines, totaling £120,000, were imposed on Leave.EU and Eldon Insurance, trading as Go Skippy Insurance. In addition, the ICO has also issued assessment notices, informing both firms that they will be audited.
Leave.EU used Eldon Insurance customers’ details to unlawfully send almost 300,000 political marketing messages, according to the ICO. Leave.EU was fined £15,000 for this offense.
In turn, Eldon Insurance sent over one million emails to Leave.EU subscribers without adequate consent. For this violation, Leave.EU was fined £45,000 and Eldon Insurance £60,000.
The ICO alleges that the two firms were closely linked, and that systems for segregating the personal data of insurance customers’ from that of political subscribers’ were ineffective.
The initial enforcement actions were issued last November as part of the ICO’s investigation into the use of data analytics for political purposes.
“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa,” states Information Commissioner Elizabeth Denham. "It should never have happened."
Denham adds: "We have been told both organizations have made improvements and learned from these events. But the ICO will now audit the organizations to determine how they are using customers’ personal information."