According to a report by Canada’s federal privacy commissioner, a Canadian data firm that worked with a pro-Brexit group broke privacy laws.
According to a watchdog’s official report, whilst working with a leading pro-Brexit group in Britain and multiple US political campaigns, AggregateIQ broke privacy laws by not taking measures to ensure that it had the authority to disclose voter information.
AggregateIQ had been hired by Vote Leave in 2016 to create Facebook advertisements aimed at potential voters. The company, based in British Columbia, used data gathered online by Vote Leave and disclosed it to Facebook.
In the report, it was discovered that Vote Leave did not explain to its respondents that their data might be shared with Facebook, and that AggregateIQ did not do enough to make sure it had the right to use the information.
The report said: “When the company used and disclosed the personal information of Vote Leave supporters to Facebook … it went beyond the purposes for which Vote Leave had consent to use that information.”
It added: “When AIQ failed to ensure it had meaningful consent from the individuals whose personal information it collected, used, or disclosed, it contravened British Columbia and Canadian privacy laws.”
The report also raised concerns about the lack of consent with work AggregateIQ had done on campaigns in the US for Strategic Communication Laboratories, the parent company of Cambridge Analytica.
Michael McEvoy, the British Columbia privacy tsar said: “Canadian organizations operating globally… must ensure they understand and comply with their legal responsibilities in Canada, even when they are operating in foreign jurisdictions.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/