Britain’s political parties have all been sent official warning letters telling them to act on fears they are misusing personal data.
The information commissioner issued “assessment notices for audits later this year”, warning she was still investigating their practices ahead of a final report in October.
“We have concluded that there are risks in relation to the processing of personal data by many political parties,” Elizabeth Denham (pictured) wrote.
“Particular concerns include: the purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence, a lack of fair processing, and use of third party data analytics companies with insufficient checks around consent.”
The letters were revealed as the commissioner slapped a £500,000 fine on Facebook for allowing the controversial political consultancy Cambridge Analytica to mine the data of millions of its users. Critics said the punishment was little more than a slap on the wrist, but Denham said it was the maximum possible penalty for the scandal.
It was also seen as a warning shot for companies that now face penalties of up to 2% of global revenue under the General Data Protection Regulation which came in to force in May.
“Fines and prosecutions punish bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system,” Denham added.
She said the parties had been asked to provide information about how they use and obtain personal data and the steps they take to comply with data protection legislation.
Of particular concern were:
- The purchasing of marketing lists and lifestyle information from data brokers.
- A lack of fair processing information.
- Use of third party data analytics companies with insufficient checks that those companies use data with full consent.
- The sharing of contact lists of members with social media companies without appropriate fair processing information.
“We have indicated that we will allow them a period to address our findings before we follow up later this year with them individually through our audit process to assess their compliance,” Denham said.
However, the data watchdog immediately fined a marketing firm that illegally sold families' personal information to Labour before the 2017 general election. Data relating to 1,065,200 people - pregnant women, new parents and children - was passed on without their consent, the investigation found.
Lifecycle Marketing, the company behind the Emma’s Diary website, which offers expecting parents health advice and gifts, was fined £140,000.
The records supplied to Labour included the name of the parent who had joined the website, their home address, whether they had young children, and the birth dates of the mother and children.
Image from ICO