This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/uk-news/live/2018/nov/06/information-commissioner-to-levy-fines-against-leave-eu-live

The article has changed 10 times. There is an RSS feed of changes available.

Version 1 Version 2
Arron Banks's firm and Leave. EU fined £135,000 over data misuse - live Arron Banks's firm and Leave. EU fined £135,000 over data misuse - live
(35 minutes later)
Labour’s Paul Farrelly notes that the £60,000 fine against Eldon Insurance seems rather less than the potential revenue raised by the misuse of emails. “We have to look at other fines that we’ve issued”, Denham says, but notes that future fines could be significantly higher as investigations continue. Damian Collins asks about who else may have copies of the Cambridge Analytica/Facebook dataset. “Some are individuals, some are academic institutions […] about half a dozen,” Dipple-Johnstone says.
Collins asks how this can be the case, if Facebook forced people to delete the data. “We found problems with the signing of these authorisations, some of them weren’t signed at all,” Denham says. “We also found evidence that as recently as 2018, spring, some of the data was still there at Cambridge Analytica. So there’s evidence that the follow-up was less than robust, which is part of the reason we fined Facebook £500,000.”
Does Denham believe that Facebook’s brief attempt to investigate Cambridge Analytica itself – sending investigators to the company’s office before even the ICO was allowed in – harmed the data? “There is no evidence to suggest that”, Denham says.
On Twitter, meanwhile, Arron Banks has dismissed the ICO’s conclusions about data protection breaches by his companies, tweeting: “So what?”
Gosh we communicated with our supporters and offered them a 10% brexit discount after the vote ! So what ? https://t.co/OYIZaCOmh5
Banks’ tweet may be seen as evidence in favour of Paul Farrelly’s assertion that £60,000 fines are too small to have an effect.
Labour’s Ian Lucas asks some pointed questions about the ICO taking Facebook’s testimony as fact. Facebook said it had found that Canadian data science outfit AggregateIQ used different email lists to those taken in the Cambridge Analytica breach, but Lucas wants to know if the ICO had independently verified that. It has not, Dipple-Johnstone says, in part because only Facebook has that data.
Ian Lucas asks who personally at Facebook dealt with the Cambridge Analytica breach. Dipple-Johnstone says the ICO has that information, but not to hand.
Lucas points out that, when Facebook first gave evidence to the committee, it didn’t mention that breach at all. He wants the information, he says, so that he can work out who knew what, when, and why the breach was hidden from parliament.
“One simple question: should Mark Zuckerberg appear before this committee,” asks Conservative Julian Knight.
“We have dealt with headquarters,” Denham says. “We have more action, a better response, when we’re dealing with Mountain View, than when we’re dealing with local representatives.” [Mountain View is actually Google’s headquarters; Facebook is based nearby, in Menlo Park.]
“I think it would be very useful to have him appear… from our own experience, it’s been critical that we’re connecting with senior staff.
“It’s been critical that we have levers in to the highest levels, because that’s where the decisions are being made.”
“We’ve heard evidence that there were staff who worked for both Leave.EU and Eldon Insurance,” Labour’s Jo Stevens asks. “Have you spoken to them?”
James Dipple-Johnstone says the ICO is interviewing former staff from many companies.
“Regulators need to look at the effectiveness of their processes,” Denham adds. “There’s a fundamental tension between the advertising business model of Facebook and fundamental rights like the protection of privacy. And that’s where we’re at now. It’s a big job on the part of regulators to ensure that the right rules are in place.”
“Would you put any personal information on a Facebook account?” Labour’s Clive Efford asks.
“I think Facebook has a long way to go to change practices to an extent that people have deep trust in the platform,” Denham says. “Social media is here to stay, but Facebook needs to significantly change their business model and practices to maintain trust.”
“We’ve seen some changes on the voluntary side to become more transparent,” she says, highlighting the company’s new rules about political adverts, “but they should be subject to stricter regulation and oversight. We issued the highest possible fine that we could impose for their role in Cambridge Analytica.”
Ukip has also refused to speak with the ICO, Denham says. “It’s been frustrating that they’ve refused to cooperate with our investigation.”
Cambridge Analytica’s Alexander Nix and Cambridge University’s Aleksandr Kogan both refused to appear in front of the ICO for an interview under caution. “Parliament has given us new powers that came into effect in April,” Denham says, but “one of the powers we may be coming back to parliament about is the ability to compel individuals to appear. That has frustrated our investigation.”
“We are looking at the entire structure for Cambridge Analytica and SCL Group,” adds Dipple-Johnstone, deputy commissioner.
Labour’s Paul Farrelly notes that the £60,000 fine against Eldon Insurance seems rather less than the potential revenue raised by the misuse of emails. “We have to look at other fines that we’ve issued,” Denham says, but notes that future fines could be significantly higher as investigations continue.
The committee is up. Damian Collins, the chair, begins by running through the findings of the ICO, focusing on the fine levied against Leave.EU and Eldon Insurance.The committee is up. Damian Collins, the chair, begins by running through the findings of the ICO, focusing on the fine levied against Leave.EU and Eldon Insurance.
“Does the ICO believe that the emails were also used to target adverts on Facebook?”, he asks. “It is possible those email addresses could have been used in other ways,” Denham responds, but notes that she has not yet investigated that possiblity.“Does the ICO believe that the emails were also used to target adverts on Facebook?”, he asks. “It is possible those email addresses could have been used in other ways,” Denham responds, but notes that she has not yet investigated that possiblity.
A breather from filleting the ICO’s report as we prepare for the DCMS to hear from the organisation directly.A breather from filleting the ICO’s report as we prepare for the DCMS to hear from the organisation directly.
If you want to watch along yourself, good news: the select committee is being broadcast live on Twitter, a first:If you want to watch along yourself, good news: the select committee is being broadcast live on Twitter, a first:
LIVE: What role can independent regulators have in regulating social media companies, keeping our data safe and advertising models transparent? We are questioning @ICOnews @ElectoralCommUK and @ASA_UK https://t.co/TpjDxeNwu6LIVE: What role can independent regulators have in regulating social media companies, keeping our data safe and advertising models transparent? We are questioning @ICOnews @ElectoralCommUK and @ASA_UK https://t.co/TpjDxeNwu6
To tackle these issues, the ICO’s report calls for the creation of a statutory code of practice to regulate the use of personal information in political campaigns. The code would have legal force, under the 2018 Data Protection Act, and apply to all data controllers who process personal data for the purpose of political campaigning.
Crucially, the ICO hopes that such a rule set can be drawn up “before the next general election”, and is calling for input from almost everyone imaginable – “political parties, campaign groups, potential electoral candidates, data brokers, companies providing online marketing platforms, relevant regulators, thinktanks, interested academics, the general public and those representing the interests of the public”.
In her blogpost announcing the report, the information commissioner says the report “is not the end”.
Some of the issues uncovered in our investigation are still ongoing or will require further investigation or action […] But it’s not just about enforcement action.
We are at a crossroads. Trust and confidence in the integrity of our democratic processes risks being disrupted because the average person has little idea of what is going on behind the scenes.
This must change. People can only make truly informed choices about who to vote for if they are sure those decisions have not been unduly influenced.
As previously announced, the ICO has also sent formal warnings “to 11 political parties (Conservatives, Labour, Lib Dems, Greens, SNP, Plaid Cymru, DUP, Ulster Unionists, Social Democrat, Sinn Féin and Ukip) detailing the outcome of our investigation and the steps that needed to be taken. We required them to report on the actions taken within three months.”
Leading credit rating agencies (CRAs) Experian, Equifax and Call Credit have also been issued with assessment notices and the ICO is in the process of conducting audits.
The regulator says the CRAs were already being examined in a separate project to assess the privacy issues raised by their work. That project has now been “expanded to include their activities in political processes”, and expects to report by the end of 2018.
Cambridge Analytica has been ordered to “deal properly” with a request for personal data by the US citizen David Carroll. The ICO said it would pursue a criminal prosecution of the now-defunct company for failing to respond properly to their previous enforcement notice.
The ICO said it had identified serious breaches of data protection and would have issued a substantial fine if the company was not in administration.
Although they aren’t household names, Britain’s data brokers will also be facing uncomfortable investigations, with assessment notices issued to three of the largest: GB Group PLC, Acxiom Ltd and Data Locator Group Ltd. The information commissioner’s office said it had found no evidence the companies had broken the laws, but it is hoping to obtain “additional information about their practices”, and is now seeking to carry out audits.
Leave.EU and Arron Banks’s Eldon Insurance have been fined £60,000 each for serious breaches of the privacy and electronic communications regulations 2003 (PECR), the law which governs electronic marketing, over adverts sent to 2 million Leave.EU subscribers for Eldon’s insurance products, without consent, the report says.
A separate £15,000 fine has been levied against Leave.EU for another breach of email regulations in the opposite direction, sending 300,000 emails to Eldon customers with a Leave.EU newsletter.
Both fines are currently at the “notice of intent” stage, giving Banks’ organisations time to appeal or file countering evidence.
The Information Commission will be referring Facebook to the Irish Data Protection Commission, which has authority over the social network under GDPR.
The body had already fined Facebook the maximum amount allowable under the previous regulations, £500,000, but it believes there are “outstanding issues” that still need to be addressed “about Facebook’s targeting functions and techniques used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices.” But that is for the Irish DPA to rule on.
From the ICO’s report:
“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”
“We have uncovered a disturbing disregard for voters’ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”
More than two years after the Brexit referendum, and the regulators are finally starting to finish their investigations.
Today, the digital, culture, media and sport (DCMS) committee’s “fake news” inquiry will hear evidence from an assortment of officials, including the information commissioner, Elizabeth Denham, the chief executive of the Electoral Commission, Claire Bassett, and the head of the Advertising Standards Authority, Guy Parker.
Kicking off the day are Denham and her deputy, James Dipple-Johnstone, who are expected to announce fines against Leave.EU backer Arron Banks for misuse of supporter data. They’ll be up at 10:30am.
But first, the information commissioner’s report on the use of data analytics in political campaigns has been published, 90 minutes early: it was due to be released after Denham’s appearance, but leaks have apparently pushed that forward.