Included in this issue of Data & Privacy News: AG update on Brexit and Data Protection; ICO fines Leave.EU and Eldon Insurance for unlawful marketing messages and informs of intention to audit; Westminster Magistrates fine housing developer for failure to comply with ICO notice and more...

AG update on Brexit and Data Protection

With 29 March approaching, our expert data team have pulled together a new cheat sheet on what data protection issues you need to think about in case there is a no deal Brexit.

For an easy, practical guide on how to address data protection in the event of a no deal Brexit, please click here.

If you would like any further information on this, please contact Ross McKenzie or Jenny McHattie.

ICO fines Leave.EU and Eldon Insurance for unlawful marketing messages and informs of intention to audit 

The Information Commissioner’s Office (ICO) has fined Leave.EU and Eldon Insurance a total of £120,000 for serious breaches of electronic marketing law and issued two assessment notices to the companies to inform them that they will be audited.

As part of their investigation, the ICO found that Leave.EU and Eldon Insurance were closely connected and the systems they had in place for separating personal data of insurance customers from political subscribers were ineffective. This resulted in unlawful marketing messages been sent between customers of both companies. 

During the audit, the ICO will review their data protection practices, which will involve a documentation review, as well as interviews with key employees such as directors and data protection officers. Audit findings will be made public following completion of this work.

Westminster Magistrates fine housing developer for failure to comply with ICO notice

Westminster Magistrates has fined housing developer Magnacrest Ltd for failing to comply with an enforcement notice issued by the ICO. 

The enforcement notice was sent to Magnacrest Ltd after it failed to comply with a subject access request sent on 17 April 2017. 

The ICO brought a criminal prosecution under s47(1) of the Data Protection Act 1998 when Magnacrest failed to obey the enforcement notice.

Magnacrest pleaded guilty at Westminster Magistrates on 6 February 2019 and was fined a victim surcharge of £30 and ordered to pay £1,133.75 in prosecution costs.

There are similar provisions under the GDPR which will apply for failures to implement ICO enforcement notices going forward.

German competition watchdog imposes restrictions on Facebook for combining user data

Germany's competition watchdog, Bundeskartellamt, has imposed restrictions on Facebook to stop the company from collecting and combining user data from subsidiaries such as WhatsApp and Instagram and third-party websites without consent. 

In a preliminary ruling issued in 2017, the watchdog accused Facebook of an abuse of a dominant position to "limitlessly amass" user data, a view that is echoed in this latest decision.

During the investigation, Bundeskartellamt worked closely with other European data protection authorities to conclude that Facebook's terms of service, as well as the manner and extent of its collections and data usage violated EU rules and was exploitative abuse.

Facebook plans to appeal the decision.

ICO blogs on importance of paying data protection fees 

ICO Deputy Chief Executive, Paul Arnold, has written a blog on the importance of paying data protection fees for those businesses that process personal data.

Mr Arnold said that not only is it a legal requirement to pay the fee, but it also makes good business sense. 

When a business pays their fees they are placed on a register of data controllers, which can be viewed by anyone before they decide to do business. This provides a strong message to customers that a company cares about their information and is aware of its own data protection obligations. 

The fee is dependent on how many people a business employs and their turnover, and can range from £40 per year for the smallest organisations, up to £2,900 a year for larger organisations. 

Failure to pay the fee, will result in a fine ranging from £400 to £4,000.