June 18, 2019


June 17, 2019


Talk About Ironic: Brexit Group Fined Under EU-Related Privacy Regulations

In an ironic twist, the British Information Commissioner’s Office (ICO) recently fined a Brexit advocacy group for violating regulations issued under an EU directive. The fines, totaling £120,000, were levied against Leave.EU and a related insurance company, Eldon Insurance, for sending marketing emails to each other’s subscribers without sufficient consent. Leave.EU had sent marketing emails to over 300,000 of Eldon’s customers, and the two entities had carried out unlawful joint marketing campaigns through Leave.EU’s mailing list.

The entities, which are run by the same individual, share a significant number of employees, senior employees, directors, and a corporate address. At the time, the marketing staffs were even using the same Mailchimp account. As a result of administrative error, a Leave.EU employee inadvertently used an Eldon distribution list to send a Leave.EU e-newsletter to nearly 300,000 of Eldon’s customers without their consent. In addition, as part of a more coordinated marketing scheme, the parties worked together to advertise Eldon’s insurance services through Leave.EU’s weekly newsletters.

Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations of 2003 (PECR), which remains in force notwithstanding the enactment of GDPR in the EU, mandates that an organization cannot transmit, or instigate the transmission of, unsolicited marketing communications without the recipient’s consent.  Section 55A of the UK’s Data Protection Act of 1998 gives the Commissioner the authority to issue monetary penalties for any “serious contravention” of the PECR, whether deliberate or negligent.

The Commissioner found that Leave.EU contravened the PECR by failing to take reasonable steps to segregate its mailing list from Eldon’s.  The violation was magnified by the number of customers affected and Leave.EU’s failure to take reasonable steps to prevent it, such as using separate Mailchimp accounts or implementing a process for reviewing mass-marketing communications before they are sent.  The Commissioner also found that the marketing scheme instigated by Eldon through Leave.EU’s weekly newsletters lacked sufficient consent from Leave.EU’s subscribers, specifically noting that Leave.EU’s privacy policy does not identify Eldon in such a way that would suggest they could lawfully instigate direct marketing to subscribers.

As we noted in a recent Law360 Article, misuse of private data will continue to garner more attention and enforcement from regulating bodies, and increased access to data from companies creates more opportunities for data privacy violations.

Putting it Into Practice:  Companies that share personnel or are closely affiliated with other groups or companies should develop clear policies and procedures to ensure that marketing data and personal data are not inappropriately mixed.  Companies should also implement a process for reviewing mass-marketing communications before they are sent and should obtain consent before instigating marketing efforts directed towards another company’s customers.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.



About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney
Partner

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...

202-747-1920
Emilio A. Cazares Intellectual Property Lawyer Sheppard Mullin in San Diego
Associate

Emilio Cazares is an associate in the Intellectual Property Practice Group in the firm's San Diego (Del Mar) office.

Areas of Practice

Emilio’s practice includes patent drafting, patent prosecution, patent litigation matters, and IP due diligence with a technical focus in mechanical devices, computer software, blockchain technology, medical devices, and electrical systems. He also handles a variety of trademark matters including trademark prosecution and enforcement. Emilio is dedicated to serving a wide range of client needs with an eye towards the technological future.

Prior to attending law school, Emilio studied at UCSD as a Mechanical Engineer with significant coursework in physics, computer programming, and control systems. His engineering team won first place in an electro-mechanical robot design competition against over 50 engineering teams.

858.720.7459