ICO consults on new data code for political campaigns

DataIQ News

The Information Commissioner's Office has launched a consultation over the creation of a statutory code of practice to regulate the use of personal data in political campaigns in the wake of the Cambridge Analytica scandal.

The code would have legal force, under the Data Protection Act 2018, and apply to all data controllers who process personal information for the purpose of political campaigning.

Following the ICO’s 18-month investigation into the use of data analytics for political purposes, commissioner Elizabeth Denham presented the regulator’s latest update to the Department for Digital, Culture, Media & Sport Select Committee earlier today.

She said that the investigation had found “a disturbing disregard for voters’ personal privacy by players across the political campaigning ecosystem".

Enshrining the code in law would give the ICO’s current powers “a sharper edge”, the report said, “providing clarity and focus to all sectors”.

Denham said in a statement: “It will simplify the rules and give certainty and assurance about using personal data as a legitimate tool in campaigns and elections. The messaging and technologies used by political parties and campaigns will vary but they all need to be working to the same rules when it comes to data protection. It is important that those foundations are laid now.”

The ICO hopes that the code can be drawn up before the next general election, and is calling for input from "political parties, campaign groups, potential electoral candidates, data brokers, companies providing online marketing platforms, relevant regulators, thinktanks, interested academics, the general public and those representing the interests of the public”.

Denham also revealed that the ICO planned to fine pro-Brexit campaign group Leave.EU and Eldon Insurance, the company owned by Arron Banks, £60,000 each for breaches of the Privacy & Electronic Communications Regulation 2003 (PECR). The report said one million emails sent to Leave.EU subscribers contained marketing for Eldon Insurance’s firm GoSkippy, without consent.

Leave.EU has also been issued with a "notice of intent" to be fined £15,000, which the ICO says is for a separate breach of PECR following almost 300,000 emails being sent to Eldon Insurance customers containing a Leave.EU newsletter.