ICO plans to fine Eldon Insurance and Leave.EU for breach of marketing regulations



The ICO has today issued its notice of intent to fine Eldon Insurance (trading as Go Skippy) £60,000 for contraventions of the Privacy and Electronic Communications Regulations 2003 (PECR), and £75,000 on Leave.EU also for PECR breaches.

The ICO says that both Leave.EU and Eldon Insurance had breached the PECR by sending one million emails to Leave.EU subscribers over two separate periods which also included marketing for GoSkippy services without the individuals’ consent.

The ICO has also issued a preliminary enforcement notice requiring Leave.EU to be fully compliant with PECR 2003 before sending emails to subscribers. The organisations may send representations by 5 December.

Speaking today at the House of Commons Digital, Culture, Media and Sport Committee hearing on fake news and disinformation, Information Commissioner Elizabeth Denham, said that the organisations had failed to keep separate the personal data on insurance clients and Leave.EU targets. The ICO will now look into this in more detail during an audit on Eldon, which will allow looking into the detail and make findings under the Data Protection Act 2018.

“We have concerns of ongoing misuse of personal data,” Denham said.

While she said that her new powers are fit for the digital age, she may still need a power to compel individuals to be interviewed. UKIP is one of the organisations that has failed to cooperate with the ICO during its investigation into political influencing. The ICO won this case, to compel UKIP to respond to the ICO’s questions, before the First-tier Tribunal (Information Rights) but UKIP has appealed against this decision.

Denham said that her work will continue in this area including Facebook/Cambridge Analytica data sharing: “Some of the issues uncovered in our investigation are still ongoing or will require further investigation or action.”

See the ICO’s Report to Parliament of 6 November.