The ICO have announced that they are going to be fining Leave.EU and Aaron Banks’ insurance company Eldon Insurance a total of £135,000 for breaking data protection laws.
Now, the law they have broken is the PECR which is the Privacy and Electronic Communication Regulations. This not a new law, it came in in 2003 but it’s been getting a lot more press recently because of the cross overs with the new GDPR.
I’m going to spend the next couple of minutes looking at what the campaign did wrong, why they’ve been hit with a fine, and see if we can all learn something from it.
What did Leave.EU & Eldon Insurance do wrong?
Let’s look first at what the campaign did wrong. The Information Commissioner’s report has set out that Leave.EU and Eldon, which is a company owned by Aaron Banks trading as Go Skippy, were going to be fined £60,000 each for serious breaches of the law. We know that law is the Privacy and Electronic Communication Regulations (PECR).
Leave.EU have breached PECR by sending out more than 1,000,000 emails to their subscribers which also included marketing information about Go Skippy. Sending out emails to subscribers of a service or a product is absolutely fine. Leave.EU are well entitled to send things to their subscribers with updates about the campaign, information about the campaign and all that sort of stuff. Where they went wrong was including marketing information about Go Skippy.
The subscribers to the Leave.EU campaign would have had no way of saying yes or no to receiving the information about that separate business, product and service. By giving them no way of consenting (or indeed not consenting) to this information about a third party, Leave.EU fell foul of the PECR.
On top of that, the ICO have said that Leave.EU will face a further £15,000 fine for a separate serious breach. This breach is in relation to 300,000 emails sent to Eldon customers, which as we know is also Go Skippy (they’re the same thing), received a newsletter for the Brexit campaign.
We now have over 1,000,000 Leave.EU subscribers receiving marketing materials about Go Skippy (aka Eldon Insurance). And we have 300,000 Go Skippy (Eldon Insurance) customers receiving marketing materials about the Leave.EU’s Brexit campaign.
The PECR exists to stop companies sending marketing emails, doing spam phone calls whatever else it may be to individuals without a justified reason. If we haven’t bought a similar product or service or been in negotiation to buy a similar product or service to the one they want to email us about, then they are not permitted to send us anything without our consent.
I hope this explanation of the ICO’s recent £135,000 PECR fine has been useful for people. It’s not designed to be a full run down of the PECR, purely to explain what’s happened in this case.
If you want any more information about the PECR and how it affects you then contact me on LinkedIn or via our contact page. We are going to do another piece on the PECR within the next few weeks because we are getting a lot of questions about it at the minute so stay tuned to LinkedIn and we will let you know once the video is available.