Information Commissioner's Office
Nine points EU referendum campaign groups should remember if they don’t want to break the rules
With reports suggesting the UK could go to the polls this year for the EU referendum, campaign groups are already starting to mobilise support.
The Information Commissioner’s Office (ICO) therefore wants to remind campaigning groups and political parties that they must comply with data protection and electronic marketing rules in the lead up to the referendum.
Contacting an individual by text, phone call, email or fax to promote a political view in order to gain support at the ballot box is “direct marketing” and this is regulated by law.
Communicating with voters is vital to the health of our democracy but if a party or organisation fails to comply with the law they may face enforcement action from the ICO as well as reputational damage to their campaign.
That’s what happened when we took enforcement action against the Better Together campaign during the Scottish independence referendum. In that case Better Together agreed to sign an undertaking after contracting a third-party to send 300,000 text messages to individuals without adequately checking whether they had consented to being contacted.
In the run up to the referendum, we’d like to remind campaigning organisations of these nine key points from our published guidance:
- Only send marketing emails and texts to individuals who have consented to contact of that sort from your organisation.
- Don’t phone individuals if there are grounds for believing they would not want your organisation to contact them, such as being registered with the Telephone Preference Service.
- Only make automated phone calls to individuals who have consented to receiving automated calls from your organisation.
- Identify your organisation in any communication and provide contact details to allow individuals to easily opt out of unwanted direct marketing.
- When collecting information from individuals make sure you include clear and prominent privacy notices. These should tell people who you are and what you are going to do with their information.
- If you are compiling databases of supporters and potential supporters, you must ensure you treat individuals fairly, including only processing personal data in a way that an individual would expect.
- Make sure you screen any lists of people’s contact details you’ve bought in for valid consent.
- You should carefully design any viral marketing processes to ensure that they comply with the consent requirements of the law and assess the risk of distress that can come from misuse.
- Any new groups formed to campaign in relation to the EU referendum must register with the ICO if they are processing personal data. Information about registering with the ICO can be found on our website ico.org.uk.
Any consent must be clear, informed and freely given. More information about this, and how to comply with the electronic marketing and data protection rules, can be found in the ICO’s Guidance on Political Campaigning.
Political parties and campaign organisations will be under intense media and public scrutiny in the period leading up to the EU referendum. We advise them to consult our guidance or contact us for further advice in the first instance, rather than risk a complaint from disgruntled voters..
Latest News from
Information Commissioner's Office
Greater Manchester claims management company fined £250,000 for making millions of nuisance calls30/10/2020 12:25:00
The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law.
ICO takes enforcement action against Experian after data broking investigation28/10/2020 12:25:00
The Information Commissioner’s Office (ICO) orders the credit reference agency Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services.
Blog: Simplifying subject access requests – new detailed SARs guidance22/10/2020 12:25:00
The right of access is a fundamental right under data protection law. And it has never been more necessary. In a world where personal data is used almost everywhere – by everyone – it’s vital that people have the right to be able to find out what’s happening to their information.
ICO fines British Airways £20m for data breach affecting more than 400,000 customers19/10/2020 12:25:00
The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
Blog: Engagement key in protecting people’s privacy across the UK during the pandemic14/10/2020 12:25:00
Information Commissioner Elizabeth Denham highlights the positive results of the ICO’s engagement with the UK devolved administrations on the use of data in the fight against COVID-19.
ICO takes action against company for sending spam emails selling face masks during pandemic09/10/2020 12:25:00
A company that sent spam emails selling face masks during the pandemic has been fined £40,000 by the ICO and issued with an enforcement notice.
Statement on the outcome of the ICO’s compulsory audit of the Department for Education08/10/2020 09:10:00
The Information Commissioner’s Office (ICO) has published the outcome of a compulsory audit of the Department for Education DFE carried out in February 2020.
Blog: Elizabeth Denham on the conclusion of the ICO’s investigation into the use of personal data in political campaigning07/10/2020 09:10:00
There can be few cases that better illustrate how mainstream data protection has become than the ICO’s investigation into the use of personal data in political campaigning, including by the now defunct Cambridge Analytica.