ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

An investigation conducted by the Information Commissioner’s Office (ICO) into a data breach suffered by Leave.EU has left the pro-Brexit campaign group with a huge financial penalty.

Fines totalling £135,000 have been imposed upon Leave.EU as well as an insurance company owned by the organisation’s founder Arron Banks, due to the illegal use of personal data through political campaigning, the BBC news website reports.

An ICO probe found that over one million subscribers to Leave.EU were sent marketing materials to promote the Eldon Insurance company’s GoSkippy services.

Mr Banks said that the ICO had found his firm may have “accidentally sent a newsletter to customers”, but added that “no evidence of a grand data conspiracy” had been uncovered.

Mr Banks remarked, “Gosh, we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?”

The ICO report

In one of the most complex data protection reports it has undertaken to date, the ICO said that many of the claims involved had taken place in the glare of the public eye.

In the case of Leave.EU, the regulator said it had uncovered a “disturbing disregard for voters’ personal privacy”.

The probe was initiated following reports about the activity of data analysis firm, Cambridge Analytica, which the ICO would have hit with a big fine had the company not already been in administration.

According to the BBC, the ICO report also states that Leave.EU and Cambridge Analytica “did not pursue a working relationship once Leave.EU failed to obtain designation as the official leave campaign for the 2016 referendum.”

Apparently, Leave.EU had looked into setting up a new entity to analyse data for political purposes, but no proof existed that this had taken place.

Both Leave.EU and Eldon Insurance stand to face fines of £60,000 for the infringement of data laws, while a further penalty of £15,000 has been issued following Leave.EU’s sending of a newsletter to over 319,000 emails on the Eldon customer database without having secured the proper user consent.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.