Tories fined £10,000 after sending unwanted campaign emails
ICO said the breach of data protection laws was “serious”
The Conservative Party has been fined £10,000 for sending 51 marketing emails to people who did not want to receive them.
The fine comes after an Information Commissioner's Office (ICO) investigation relating to emails sent from the Conservative Party in the name of the UK prime minister, Boris Johnson, launched in an eight-day period after he was appointed in July 2019.
The emails set out Conservative political priorities, with the last sentence including a link directing them to a website for joining the Conservative Party. The ICO found, however, that the party failed to retain clear records of the basis upon which people can consent to receive marketing emails, as required by law.
"The public have rights when it comes to how their personal data is used for marketing," said the ICO's director of investigations, Stephen Eckersley. "Getting messages to potential voters is important in a healthy democracy, but political parties must follow the law when doing so. The Conservative Party ought to have known this but failed to comply with the law.
"All organisations – be they political parties, businesses or others – should give people clear information and choices about what is being done with their personal data. Direct marketing laws are clear, and it is the responsibility of all organisations to ensure they comply."
In the eight-day period, the Conservative Party sent out 1,190,280 marketing emails but the regulator found that not all emails were in breach of the Privacy and Electronic Communications Regulations (PECR), as it's likely some of the emails will have been validly sent. Due to the lack of record-keeping, however, it wasn't possible to determine the proportion that wasn't validly sent.
Investigators concluded that the Tory Party didn't have valid consent for the 51 marketing emails received by the complainants. It also failed to ensure records of those who had unsubscribed from its marketing emails were properly transferred when it changed email provider.
During its investigations, it was determined the Conservative Party engaged in an industrial-scale marketing email exercise in the December 2019 General Election campaign, sending nearly 23 million emails. This generated a further 95 complaints, which are likely to have resulted from the party's failure to address the original compliance issues identified in July 2019.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now