Canadian watchdog says Brexit data firm broke privacy laws

AggregateIQ didn't do enough to ensure it had the right to share voter information with Facebook, report says

A Canadian data company that worked with a leading pro-Brexit group broke privacy laws, according to a report by Canada's federal privacy commissioner.

AggregateIQ (AIQ), which also worked with a number of US political campaigns, did not take adequate measures to ensure it had the authority to disclose voter information, the report said. 

The firm was hired by Vote Leave in 2016 to create Facebook advertisements aimed at potential voters. The British Columbia-based business used online data gathered by Vote Leave and disclosed it to Facebook. 

However, the pro-Brexit group hadn't explained to respondents that their information might be shared with the social network, according to the commissioner's report, and AIQ didn't do enough to make sure it had the right to use the information. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The report also cited concerns about AIQ's work with US election campaigns, particularly with the Strategic Communications laboratories – the former name of the SCL Group, the parent company of Cambridge Analytica

"When the company used and disclosed the personal information of Vote Leave supporters to Facebook... it went beyond the purposes for which Vote Leave had consent to use that information," the report said, according to The Guardian.

"When AIQ failed to ensure it had meaningful consent from the individuals whose personal information it collected, used, or disclosed, it contravened British Columbia and Canadian privacy laws."

AggregateIQ was the first firm to be hit with a GDPR enforcement notice back in September 2018. This was handed to it by the UK's own data regulator, the ICO. The notice was sent in July and said the firm must stop processing the personal data of UK or EU citizens obtained from political groups, or face a heavy financial penalty. 

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

The ICO also fined the Vote Leave campaign £40,000 in March 2019 for sending unlawful and unsolicited text messages prior to the EU referendum. 

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/data-protection/354492/currys-pc-world-parent-firm-hit-with-ps500k-fine-over
data protection

Currys PC World parent firm hit with £500k fine over historic data breach

9 Jan 2020
Visit/security/ransomware/354483/travelex-disruption-caused-by-devastating-ransomware-attack
ransomware

Travelex disruption caused by devastating ransomware attack

8 Jan 2020