This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/uk-news/live/2018/nov/06/information-commissioner-to-levy-fines-against-leave-eu-live

The article has changed 10 times. There is an RSS feed of changes available.

Version 0 Version 1
Arron Banks' firm and Leave.EU face £135,000 fine over data misuse - live Arron Banks's firm and Leave. EU fined £135,000 over data misuse - live
(35 minutes later)
Leave.EU and Arron Banks’ Eldon Insurance have been fined £60,000 each “for serious breaches of the Privacy and Electronic Communications Regulations 2003 (PECR), the law which governs electronic marketing,” over adverts sent to two million Leave.EU subscribers for Eldon’s insurance products, without consent, the report says. Labour’s Paul Farrelly notes that the £60,000 fine against Eldon Insurance seems rather less than the potential revenue raised by the misuse of emails. “We have to look at other fines that we’ve issued”, Denham says, but notes that future fines could be significantly higher as investigations continue.
The committee is up. Damian Collins, the chair, begins by running through the findings of the ICO, focusing on the fine levied against Leave.EU and Eldon Insurance.
“Does the ICO believe that the emails were also used to target adverts on Facebook?”, he asks. “It is possible those email addresses could have been used in other ways,” Denham responds, but notes that she has not yet investigated that possiblity.
A breather from filleting the ICO’s report as we prepare for the DCMS to hear from the organisation directly.
If you want to watch along yourself, good news: the select committee is being broadcast live on Twitter, a first:
LIVE: What role can independent regulators have in regulating social media companies, keeping our data safe and advertising models transparent? We are questioning @ICOnews @ElectoralCommUK and @ASA_UK https://t.co/TpjDxeNwu6
To tackle these issues, the ICO’s report calls for the creation of a statutory code of practice to regulate the use of personal information in political campaigns. The code would have legal force, under the 2018 Data Protection Act, and apply to all data controllers who process personal data for the purpose of political campaigning.
Crucially, the ICO hopes that such a rule set can be drawn up “before the next general election”, and is calling for input from almost everyone imaginable – “political parties, campaign groups, potential electoral candidates, data brokers, companies providing online marketing platforms, relevant regulators, thinktanks, interested academics, the general public and those representing the interests of the public”.
In her blogpost announcing the report, the information commissioner says the report “is not the end”.
Some of the issues uncovered in our investigation are still ongoing or will require further investigation or action […] But it’s not just about enforcement action.
We are at a crossroads. Trust and confidence in the integrity of our democratic processes risks being disrupted because the average person has little idea of what is going on behind the scenes.
This must change. People can only make truly informed choices about who to vote for if they are sure those decisions have not been unduly influenced.
As previously announced, the ICO has also sent formal warnings “to 11 political parties (Conservatives, Labour, Lib Dems, Greens, SNP, Plaid Cymru, DUP, Ulster Unionists, Social Democrat, Sinn Féin and Ukip) detailing the outcome of our investigation and the steps that needed to be taken. We required them to report on the actions taken within three months.”
Leading credit rating agencies (CRAs) Experian, Equifax and Call Credit have also been issued with assessment notices and the ICO is in the process of conducting audits.
The regulator says the CRAs were already being examined in a separate project to assess the privacy issues raised by their work. That project has now been “expanded to include their activities in political processes”, and expects to report by the end of 2018.
Cambridge Analytica has been ordered to “deal properly” with a request for personal data by the US citizen David Carroll. The ICO said it would pursue a criminal prosecution of the now-defunct company for failing to respond properly to their previous enforcement notice.
The ICO said it had identified serious breaches of data protection and would have issued a substantial fine if the company was not in administration.
Although they aren’t household names, Britain’s data brokers will also be facing uncomfortable investigations, with assessment notices issued to three of the largest: GB Group PLC, Acxiom Ltd and Data Locator Group Ltd. The information commissioner’s office said it had found no evidence the companies had broken the laws, but it is hoping to obtain “additional information about their practices”, and is now seeking to carry out audits.
Leave.EU and Arron Banks’s Eldon Insurance have been fined £60,000 each for serious breaches of the privacy and electronic communications regulations 2003 (PECR), the law which governs electronic marketing, over adverts sent to 2 million Leave.EU subscribers for Eldon’s insurance products, without consent, the report says.
A separate £15,000 fine has been levied against Leave.EU for another breach of email regulations in the opposite direction, sending 300,000 emails to Eldon customers with a Leave.EU newsletter.A separate £15,000 fine has been levied against Leave.EU for another breach of email regulations in the opposite direction, sending 300,000 emails to Eldon customers with a Leave.EU newsletter.
Both fines are currently at the “notice of intent” stage, giving Banks’ organisations time to appeal or file countering evidence.Both fines are currently at the “notice of intent” stage, giving Banks’ organisations time to appeal or file countering evidence.
The Information Commission will be referring Facebook to the Irish Data Protection Commission, which has authority over the social network under GDPR.The Information Commission will be referring Facebook to the Irish Data Protection Commission, which has authority over the social network under GDPR.
The body had already fined Facebook the maximum amount allowable under the previous regulations, £500,000, but it belives there are “outstanding issues” that still need to be addressed “about Facebook’s targeting functions and techniques used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices.” But that is for the Irish DPA to rule on. The body had already fined Facebook the maximum amount allowable under the previous regulations, £500,000, but it believes there are “outstanding issues” that still need to be addressed “about Facebook’s targeting functions and techniques used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices.” But that is for the Irish DPA to rule on.
From the ICO’s report:From the ICO’s report:
“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”
“We have uncovered a disturbing disregard for voters’ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”“We have uncovered a disturbing disregard for voters’ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”
More than two years after the Brexit referendum, and the regulators are finally starting to finish their investigations.More than two years after the Brexit referendum, and the regulators are finally starting to finish their investigations.
Today, the digital, culture, media and sport (DCMS) committee’s “fake news” inquiry will hear evidence from an assortment of officials, including the Information Commissioner, Elizabeth Denham, the chief executive of the Electoral Commission, Claire Bassett, and the head of the Advertising Standards Authority, Guy Parker. Today, the digital, culture, media and sport (DCMS) committee’s “fake news” inquiry will hear evidence from an assortment of officials, including the information commissioner, Elizabeth Denham, the chief executive of the Electoral Commission, Claire Bassett, and the head of the Advertising Standards Authority, Guy Parker.
Kicking off the day are Denham and her deputy, James Dipple-Johnstone, who are expected to announce fines against Leave.EU backer Arron Banks for misuse of supporter data. They’ll be up at 10:30. Kicking off the day are Denham and her deputy, James Dipple-Johnstone, who are expected to announce fines against Leave.EU backer Arron Banks for misuse of supporter data. They’ll be up at 10:30am.
But first, the Information Commission’s report on the use of data analytics in political campaigns has been published, ninety minutes early: it was due to be released after Denham’s appearance, but leaks have apparently pushed that forward. But first, the information commissioner’s report on the use of data analytics in political campaigns has been published, 90 minutes early: it was due to be released after Denham’s appearance, but leaks have apparently pushed that forward.