Lib Dems and Leave.EU fought regulator to resist data inquiry
Unlike others audited, the Lib Dems and Arron Banks launched court battles against the Information Commissioner’s Office to stop it doing its job
The Liberal Democrats and Leave.EU both went to court in unsuccessful attempts to resist inquiries from the Information Commissioner’s Office, a report from the ICO shows.
The ICO had to take court action to force the two groups to cooperate with a data protection audit. The regulator’s investigation covered seven main political parties, plus several Leave and Remain campaign groups – including Arron Banks’s Leave.EU.
Both the Liberal Democrats and Arron Banks (on behalf of Leave.EU) appealed in court against the ICO, rather than cooperating with the regulator from the start, as other parties had done. Both appeals were unsuccessful, although Banks is still pursuing an additional appeal, further stymying the regulator.
In February 2019, the ICO notified political parties that it wished to conduct audits of party offices around the time of the European elections in May last year. But while other parties complied, the Lib Dems took the ICO to court, delaying the investigation.
Get one whole story, direct to your inbox every weekday.
In a submission by the information commissioner Elizabeth Denham to the court, she explained that there may be “good reasons for the commissioner to conduct an audit at a time that is inconvenient to the data controller [the Liberal Democrats], as this may be the time at which the controller is less likely to comply with data protection legislation”.
The Lib Dems based their case on arguing that they were being put at an unfair disadvantage, but the commissioner showed that other parties and campaigns had been treated similarly. Although the Lib Dems lost the case, the court proceedings ended up delaying their audit until August, nearly three months after the elections, in which the party came second across the UK.
The Lib Dems threatened legal action against openDemocracy in November last year after we reported on the party’s bizarre 2016 data contract with the Remain campaign, which involved selling and maintaining an up-to-date, “enhanced” version of the electoral roll for £100,000. The ICO’s report confirmed that campaigns have a statutory right to access such data, and the Lib Dems justified the £100,000 contract on the grounds that the party had already processed the data in a “ready to go” format.
The party later abandoned its threat of legal action against openDemocracy, and then-leader Jo Swinson condemned her own party’s actions – but did not cover openDemocracy’s legal fees – after it emerged that the Lib Dems’ then head of press had forged an email to support their claim. The employee was subsequently suspended, and then resigned while an investigation was still pending.
Large fines for Leave.EU
In February 2019, the ICO formally notified the pro-Brexit campaign, Leave.EU, that it planned to audit the group as part of a wider investigation. This came on the back of complicated litigation between Banks and the ICO, including a £15,000 fine that was paid, £105,000 in fines that are still under appeal, and a complicated cross-jurisdictional piece of litigation arising from testimony before the Department of Culture, Media and Sports select committee that alleged that Banks’s organisations had shared data with the University of Mississippi. This led to unsuccessful litigation from the Fair Vote campaign to preserve the Mississippi records – a request the ICO had supported.
Leave.EU and Banks’s company, Eldon Insurance (trading as GoSkippy Insurance), appealed against the ICO’s formal notice of an intended inspection, on the grounds that they hadn’t previously been sent a “Notice of Intent” – even though this isn’t a requirement.
Banks’s colleague, Liz Bilney, argued before the tribunal that the notices from the ICO were part of a “disproportionate and politically-motivated approach to the use of the ICO’s auditing powers without any proper evidence base”.
Banks’s lawyers demanded to see the paper trail on how the decision was made to audit his organisations. The ICO admitted that there was none, and its own lawyer told the court in December; “The lack of documents around the assessment notice falls well below [expectations] of the commissioner… I accept it falls short of the standards it should have been.”
Nonetheless, while Judge Alison McKenna recognised “that the decision-making paper trail” was “lacking”, she still rejected Banks’s appeal in February 2020 – which should have let the ICO proceed with the audit.
However, after losing at the first tier of the appeals process, Banks then launched an appeal at the next level up, which is ongoing.
The information commissioner has said that, “subject to the outcome of the appeal”, she hopes to complete the remaining audits of Leave.EU and Eldon.
Mr Banks was contacted for comment, and while his spokesman acknowledged receipt of the request, no response was given. Neither Leave.EU nor Eldon responded to separate invitations to comment.
Call for ‘urgent’ reform
The ICO published its audits of the political parties on 11 November, and concluded that the UK’s main parties require “urgent” reform of their data practices. It found that the Conservatives, Labour and Liberal Democrats all supplemented their core electoral register data with commercially bought data.
As openDemocracy reported last week, the Conservatives were accused of racially profiling 10 million UK voters in 2019 – and Labour had been compiling similar data before that.
The ICO’s findings don’t make good reading for the state of British politics: 70% of all recommendations given to the seven parties were rated either “high” priority or “urgent”.
The ICO’s specific recommendations have not been divulged. The ICO chose not to publish the results of individual party audits, but to release a series of collective findings which don’t “point the finger” at any one party. Nonetheless, the ICO identified “considerable scope for improvement” and concluded that “the parties needed to take further steps”, with “a limited level of assurance that processes and procedures were in place and were delivering data protection compliance”.
The ICO’s report also stresses a record £500,000 fine paid by Facebook, a £140,000 fine paid by Emma’s Diary over data-sharing with the Labour party, a £40,000 fine paid by Vote Leave, and a £15,000 fine paid by Leave.EU.
Both Facebook and Leave.EU mounted unsuccessful legal appeals to their fines. A further £105,000 in pending Leave.EU and Eldon Insurance fines are still under appeal – £45,000 for Leave.EU and £60,000 for Eldon (which has now rebranded as Somerset Bridge Insurance).
Asked to comment, Facebook referred us to their past statements in which they highlighted that there was no evidence that the Cambridge Analytica dataset of 87 million Facebook users from the USA had ever been used in the UK, and argued that the ICO penalty “challenges some of the basic principles of how people should be allowed to share information online”. Facebook and the ICO subsequently came to an out-of-court agreement in October 2019, which involved Facebook paying the full £500,000 fine in return for making no admission of liability.
Get our weekly email