Information Commissioner's Office
Nine points EU referendum campaign groups should remember if they don’t want to break the rules
With reports suggesting the UK could go to the polls this year for the EU referendum, campaign groups are already starting to mobilise support.
The Information Commissioner’s Office (ICO) therefore wants to remind campaigning groups and political parties that they must comply with data protection and electronic marketing rules in the lead up to the referendum.
Contacting an individual by text, phone call, email or fax to promote a political view in order to gain support at the ballot box is “direct marketing” and this is regulated by law.
Communicating with voters is vital to the health of our democracy but if a party or organisation fails to comply with the law they may face enforcement action from the ICO as well as reputational damage to their campaign.
That’s what happened when we took enforcement action against the Better Together campaign during the Scottish independence referendum. In that case Better Together agreed to sign an undertaking after contracting a third-party to send 300,000 text messages to individuals without adequately checking whether they had consented to being contacted.
In the run up to the referendum, we’d like to remind campaigning organisations of these nine key points from our published guidance:
- Only send marketing emails and texts to individuals who have consented to contact of that sort from your organisation.
- Don’t phone individuals if there are grounds for believing they would not want your organisation to contact them, such as being registered with the Telephone Preference Service.
- Only make automated phone calls to individuals who have consented to receiving automated calls from your organisation.
- Identify your organisation in any communication and provide contact details to allow individuals to easily opt out of unwanted direct marketing.
- When collecting information from individuals make sure you include clear and prominent privacy notices. These should tell people who you are and what you are going to do with their information.
- If you are compiling databases of supporters and potential supporters, you must ensure you treat individuals fairly, including only processing personal data in a way that an individual would expect.
- Make sure you screen any lists of people’s contact details you’ve bought in for valid consent.
- You should carefully design any viral marketing processes to ensure that they comply with the consent requirements of the law and assess the risk of distress that can come from misuse.
- Any new groups formed to campaign in relation to the EU referendum must register with the ICO if they are processing personal data. Information about registering with the ICO can be found on our website ico.org.uk.
Any consent must be clear, informed and freely given. More information about this, and how to comply with the electronic marketing and data protection rules, can be found in the ICO’s Guidance on Political Campaigning.
Political parties and campaign organisations will be under intense media and public scrutiny in the period leading up to the EU referendum. We advise them to consult our guidance or contact us for further advice in the first instance, rather than risk a complaint from disgruntled voters..
Latest News from
Information Commissioner's Office
Share information to protect children and young people at risk, urges UK Information Commissioner15/09/2023 10:15:00
Organisations will not get in trouble if they share information to protect children and young people at risk of serious harm, the UK Information Commissioner’s Office (ICO) has promised.
Former social services council employee fined for unlawfully accessing sensitive personal data14/09/2023 09:15:00
A former family intervention officer at St Helens Borough Council has been sentenced for unlawfully accessing social services records.
UK Information Commissioner and NCSC CEO sign Memorandum of Understanding13/09/2023 13:10:00
The UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC), Lindy Cameron, yesterday signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate.
ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security07/09/2023 16:20:00
The Information Commissioner’s Office (ICO) is reviewing period and fertility apps as new figures show more than half of women have concerns over data security
ICO publishes new guidance on sending bulk communications by email31/08/2023 16:20:00
The Information Commissioner’s Office (ICO) yesterday issued a warning to organisations to use alternatives to the blind carbon copy (BCC) email function when sending emails containing sensitive personal information, following a catalogue of business blunders.
Joint statement on data scraping and data protection25/08/2023 09:10:00
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.
One in three young people falling prey to ‘text pests‘ as ICO calls for victims to come forward22/08/2023 14:10:00
The Information Commissioner’s Office (ICO) has today launched a call for victims of so-called ‘text pests’ to come forward to help the regulator gather evidence of the impact of this illegal behaviour.
ICO consultation on the draft biometric data guidance18/08/2023 12:25:00
The Information Commissioner’s Office (ICO) is producing guidance on biometric data and biometric technologies.