ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

An investigation conducted by the Information Commissioner’s Office (ICO) into a data breach suffered by Leave.EU has left the pro-Brexit campaign group with a huge financial penalty.

Fines totalling £135,000 have been imposed upon Leave.EU as well as an insurance company owned by the organisation’s founder Arron Banks, due to the illegal use of personal data through political campaigning, the BBC news website reports.

An ICO probe found that over one million subscribers to Leave.EU were sent marketing materials to promote the Eldon Insurance company’s GoSkippy services.

Mr Banks said that the ICO had found his firm may have “accidentally sent a newsletter to customers”, but added that “no evidence of a grand data conspiracy” had been uncovered.

Mr Banks remarked, “Gosh, we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?”

The ICO report

In one of the most complex data protection reports it has undertaken to date, the ICO said that many of the claims involved had taken place in the glare of the public eye.

In the case of Leave.EU, the regulator said it had uncovered a “disturbing disregard for voters’ personal privacy”.

The probe was initiated following reports about the activity of data analysis firm, Cambridge Analytica, which the ICO would have hit with a big fine had the company not already been in administration.

According to the BBC, the ICO report also states that Leave.EU and Cambridge Analytica “did not pursue a working relationship once Leave.EU failed to obtain designation as the official leave campaign for the 2016 referendum.”

Apparently, Leave.EU had looked into setting up a new entity to analyse data for political purposes, but no proof existed that this had taken place.

Both Leave.EU and Eldon Insurance stand to face fines of £60,000 for the infringement of data laws, while a further penalty of £15,000 has been issued following Leave.EU’s sending of a newsletter to over 319,000 emails on the Eldon customer database without having secured the proper user consent.


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/