Canadian watchdog says Brexit data firm broke privacy laws

AggregateIQ didn't do enough to ensure it had the right to share voter information with Facebook, report says

A Canadian data company that worked with a leading pro-Brexit group broke privacy laws, according to a report by Canada's federal privacy commissioner.

AggregateIQ (AIQ), which also worked with a number of US political campaigns, did not take adequate measures to ensure it had the authority to disclose voter information, the report said. 

The firm was hired by Vote Leave in 2016 to create Facebook advertisements aimed at potential voters. The British Columbia-based business used online data gathered by Vote Leave and disclosed it to Facebook. 

However, the pro-Brexit group hadn't explained to respondents that their information might be shared with the social network, according to the commissioner's report, and AIQ didn't do enough to make sure it had the right to use the information. 

The report also cited concerns about AIQ's work with US election campaigns, particularly with the Strategic Communications laboratories – the former name of the SCL Group, the parent company of Cambridge Analytica

"When the company used and disclosed the personal information of Vote Leave supporters to Facebook... it went beyond the purposes for which Vote Leave had consent to use that information," the report said, according to The Guardian.

"When AIQ failed to ensure it had meaningful consent from the individuals whose personal information it collected, used, or disclosed, it contravened British Columbia and Canadian privacy laws."

AggregateIQ was the first firm to be hit with a GDPR enforcement notice back in September 2018. This was handed to it by the UK's own data regulator, the ICO. The notice was sent in July and said the firm must stop processing the personal data of UK or EU citizens obtained from political groups, or face a heavy financial penalty. 

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

The ICO also fined the Vote Leave campaign £40,000 in March 2019 for sending unlawful and unsolicited text messages prior to the EU referendum. 

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021