Canadian watchdog says Brexit data firm broke privacy laws

AggregateIQ didn't do enough to ensure it had the right to share voter information with Facebook, report says

A Canadian data company that worked with a leading pro-Brexit group broke privacy laws, according to a report by Canada's federal privacy commissioner.

AggregateIQ (AIQ), which also worked with a number of US political campaigns, did not take adequate measures to ensure it had the authority to disclose voter information, the report said. 

The firm was hired by Vote Leave in 2016 to create Facebook advertisements aimed at potential voters. The British Columbia-based business used online data gathered by Vote Leave and disclosed it to Facebook. 

However, the pro-Brexit group hadn't explained to respondents that their information might be shared with the social network, according to the commissioner's report, and AIQ didn't do enough to make sure it had the right to use the information. 

The report also cited concerns about AIQ's work with US election campaigns, particularly with the Strategic Communications laboratories – the former name of the SCL Group, the parent company of Cambridge Analytica

"When the company used and disclosed the personal information of Vote Leave supporters to Facebook... it went beyond the purposes for which Vote Leave had consent to use that information," the report said, according to The Guardian.

"When AIQ failed to ensure it had meaningful consent from the individuals whose personal information it collected, used, or disclosed, it contravened British Columbia and Canadian privacy laws."

AggregateIQ was the first firm to be hit with a GDPR enforcement notice back in September 2018. This was handed to it by the UK's own data regulator, the ICO. The notice was sent in July and said the firm must stop processing the personal data of UK or EU citizens obtained from political groups, or face a heavy financial penalty. 

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

The ICO also fined the Vote Leave campaign £40,000 in March 2019 for sending unlawful and unsolicited text messages prior to the EU referendum. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021