ICO reports to parliament on data protection and politics and calls for code of practice

Share This Post

It was back in May 2017 when the ICO first started looking at the use of “big data” within politics, when it formally announced it will be opening a formal investigation into the use of data for political purposes on the back of the Cambridge Analytica/Facebook scandal.

Since then the ICO has investigated and taken action against a number of high profile organisations including Facebook (fined £500m last month) and SCL (the company behind Cambridge Analytica).

And this week, the ICO has issued a report to Parliament bringing their investigation and findings up to date:

We intended our investigation to be comprehensive and forensic. We have identified 71 witnesses of interest, 5 reviewed the practices of 30 organisations and are working through 700 terabytes – the equivalent of 52 billion pages – of data.

We have uncovered a disturbing disregard for voters’ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.

The ICO say the investigation has become “the largest investigation of its type by any Data Protection Authority”.

In terms of action the report highlights the action taken to date, indicates that it is considering potential criminal offences, and have focused on:

  • Failures to comply with data protection principles
  • Failures to comply with PECR
  • The relationship between GDPR and the (old) Data Protection Act 1998
  • Offences under the (new) Data Protection Act 2018 relating to obtaining and disclosing (including selling) personal data without appropriate consent

As well as the report the ICO have also launched a “call for views” on proposals for a Code of Practice for the use of personal information in political campaigns. They have the ability under GDPR to produce such Codes as they wish and this call for views is essentially asking political parties, campaign groups, electoral candidates, data brokers and anyone else involved in data relating to politics, for their opinions on their approach, the creation of the Code and what the Code might look like. Responses are being taken, online, until Friday 21st December 2018.


More To Explore


The key message from the ICO regarding the use of AI is not to forget if AI is processing personal data, then you need to

Read More »

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy