Tech News : Conservative Party Gets £10,000 Data Protection Fine
The ICO has fined the Conservative Party £10,000 for sending unlawful marketing emails to people who did not want to receive them.
Breach
The ICO has decided that after an investigation into emails sent from the Conservative Party, in the name of Rt Hon Boris Johnson MP, during the eight days in July 2019 after he was elected Prime Minister, the Conservative Party breached the Privacy and Electronic Communications Regulations (PECR) of 2003.
Unsolicited Emails
The breach of PECR occurred because, as the ICO concluded, the Conservative Party did not have the necessary valid consent in cases where marketing emails were received by complainants. Although 51 emails were found to be conclusively in breach of the regulations, the Conservative Party sent out 1,190,280 marketing emails between 24 July and 31 July 2019, and the ICO accepts it is likely that some of those emails would have been validly sent, but that it is not possible to identify what that proportion is. This is because, as stated by the ICO, “the Conservative Party failed to retain clear records of the basis upon which people had consented to receive marketing emails, as required by law.”
More Marketing Emails Sent During The Investigation
The ICO expressed concern that while the investigation into the initial breach was underway before the Conservative Party had addressed the original compliance issues, it “engaged in an industrial-scale marketing email exercise during the December 2019 General Election campaign, sending nearly 23 million emails” which “generated a further 95 complaints”.
Stephen Eckersley, ICO Director of Investigations, said “It’s really concerning that such large-scale processing occurred during the ICO’s ongoing investigation and before the Conservative Party had taken all the steps necessary to ensure that its processing, and database of people who would receive emails, was fully compliant with the data protection and electronic marketing regulations”.
The Fine
There has been criticism from some online commentators that the £10,000 fine may not be enough, when considering that according to newspaper reports, one luxury hamper of organic food delivered to 10 Downing Street recently cost £27,000.
What Does This Mean For Your Business?
It is disappointing and concerning that such a big political party (the party now in government) would not check or know about and/or failed to comply with well-publicised data protection laws. As those at the heart of UK law-making, this does not reflect well.
For businesses, this story is a reminder that there are clear laws pertaining to direct marketing (i.e. any communication of advertising or marketing material directed at particular individuals). It is a reminder that consent is vital, and it is important to keep clear records of the basis upon which people consent. Ignoring the regulations can result in a hefty fine and could prove very damaging to the reputation of a business.