Home » Cybersecurity » Data Security » ICO to Fine Baby Club £140K for Illegally Sharing Data with Labour Party

ICO to Fine Baby Club £140K for Illegally Sharing Data with Labour Party

The Information Commissioner’s Office (ICO) announced its decision to fine a baby club £140,000 for illegally sharing individuals’ personal data with the Labour Party.

The United Kingdom’s data watchdog said it intends to impose the penalty as a result of Lifecycle Marketing (Mother and Baby) Ltd (“LCMB”) failing to fulfill its responsibilities as a data controller, as defined by the Data Protection Act 1998. Specifically, the ICO expressed that LCMB didn’t comply with the Act’s first data protection principle requiring data controllers to obtain data subjects’ consent for the fair processing of their personal information.

In its Notice of Intent, the ICO explained that LCMB, a firm which specializes in engaging new and expectant mothers under the umbrella of Emma’s Diary, provided 1,065,220 data records to Experian Marketing Services in May 2017. The agreement stated that Experian Marketing Services would provide the records consisting of names, addresses, dates of birth and other information to the Labour Party. The purpose of the agreement was to assist the Labour Party with a direct marketing mail campaign for a general election in 2017.

The agreement went ahead as planned, with LCMB telling the ICO in January 2018 that “the usage of the mums’ data is fully outlined within or Privacy Policy.” But the ICO found that to not be the case. At the time of the agreement with Experian Marketing Services, the UK watchdog found no indication in the privacy policies of either LCMB’s offline registration form or its website that the baby club reserved the right to share data with political parties.

LCMB did add a relevant clause to its privacy policy sometime in January 2018, but the ICO believes this change was made in response to its investigation.

A spokeswoman for the baby club said the ICO’s Notice of (Read more...)