Information Commissioner's Office
SCL Elections prosecuted for failing to comply with enforcement notice
SCL Elections Ltd, also known as Cambridge Analytica, has been fined £15,000 for failing to comply with an enforcement notice issued by the Information Commissioner's Office (ICO).
The company appeared at Hendon Magistrates' Court and pleaded guilty through its administrators to breaching s47 (1) of the Data Protection Act 1998.
The criminal prosecution related to the company's failure to respond to an enforcement notice issued in May 2018, which ordered the company to respond in full to a subject access request submitted by Professor David Carroll, a US-based academic.
As well as the fine, the court also ordered the company to pay £6,000 costs and a victim surcharge of £170.
Elizabeth Denham, Information Commissioner, said:
"This prosecution, the first against Cambridge Analytica, is a warning that there are consequences for ignoring the law.
"Wherever you live in the world, if your data is being processed by a UK company, UK data protection laws apply.
"Organisations that handle personal data must respect people's legal privacy rights. Where that does not happen and companies ignore ICO enforcement notices, we will take action."
The enforcement action is part of our investigation into data analytics for political purposes.
- Our investigation into Cambridge Analytica continues. We are currently working to analyse materials seized during the investigation.
- In pleading guilty, the company has accepted it should have responded fully to Professor Carroll's subject access request and the ICO's notice in the first place.
- Anyone who requests their personal information from a UK-based company or organisation is legally entitled to have that request answered, in full, under UK data protection law. This is called the right of subject access.
- Cambridge Analytica provided Professor Carroll with a spreadsheet of information it held about him when he made his original request on 10 January 2017. But it did not provide the decision making process used to create it.
- Where companies fail to meet their obligations, the ICO can issue an enforcement notice compelling them to do so. It's a criminal offence not to comply with it. SCL Elections Ltd has been successfully prosecuted for offences under section 47 (1) of the Data Protection Act 1998
- We have referred the company and its directors to the Insolvency Service.
Latest News from
Information Commissioner's Office
ICO joins the UK Regulators Network20/06/2019 12:25:00
The ICO has joined the UK Regulators Network (UKRN) as a full member.
ICO fines home security company for making thousands of nuisance calls14/06/2019 09:10:00
The Information Commissioner’s Office (ICO) has fined Smart Home Protection Ltd £90,000 for making nuisance calls to people registered with the Telephone Preference Service (TPS).
Former customer services officer fined after unlawfully accessing personal data10/06/2019 17:20:00
A former customer services officer at Stockport Homes Limited (SHL) has been found guilty of unlawfully accessing personal data without a legitimate reason to do so.
G20 Side Event - International Seminar on Personal Data05/06/2019 12:25:00
Speach given yesterday by the ICO at the G20 Side Event – International Seminar on Personal Data.
Blog: Counting the cost of accessing environmental information04/06/2019 11:10:00
Blog posted by: Gill Bull, Director of Freedom of Information, 03 June 2019.
When it comes to explaining AI decisions, context matters03/06/2019 12:25:00
Alex Hubbard, Senior Policy Officer at the ICO, looks at some of the key themes identified in the ICO and The Alan Turing Institute’s interim report about explanations of AI decisions.
Blog: GDPR – One Year on31/05/2019 09:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 30 May 2019.
Blog: ICO regulatory sandbox29/05/2019 12:25:00
Work begins on creating ICO Sandbox short list as application period closes.
Known security risks exacerbated by AI24/05/2019 09:25:00
As part of our AI auditing framework blog series, Reuben Binns, our Research Fellow in Artificial Intelligence (AI), Peter Brown, Technology Policy Group Manager, and Valeria Gallo, Technology Policy Adviser, look at how AI can exacerbate known security risks and make them more difficult to manage.