AggregateIQ (AIQ) is the first company facing a potential fine by the Information Commissioner's Office (ICO) for non-compliance with the General Data Protection Regulation (GDPR).
An enforcement notice was sent to AIQ in July which mandated that the firm must stop processing the personal data of UK or EU citizens obtained from political groups, or face a heavy financial penalty. Although the enforcement notice was issued two months ago, it only emerged publicly in the last few days. AIQ has chosen to appeal this notice.
According to Cambridge Analytica whistle-blower Chris Whylie, AIQ used data obtained by Cambridge Analytica to build an app that targeted Republican voters in the 2016 US election.
It ran a similar campaign during the Brexit Referendum where it was paid £2.7m by the Vote Leave and BeLeave campaigns and reportedly was involved in political actions in Northern Ireland.
The company is denying any involvement with Cambridge Analytica and Facebook, saying its processes of collecting data are completely transparent.
The Canadian company was given 30 days to audit its processes before the ICO fined the firm up to £17 million, or 4% of the company's annual global turnover, whichever is higher. However, this timetable is suspended pending an appeal being heard.
The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). If you are a data processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities.
The ICO has extensive enforcement powers, which range from requiring undertakings to enforcement notices and from monetary penalties to prosecution through the criminal courts.
The Regulation Unit at Short Richardson and Forth achieve excellent results in defending clients subject to the ICO's enforcement procedures and have the expertise to advice from the outset. If you require our assistance please do not hesitate to contact our Head of Regulation – Andrew Swan at email@example.com or on 0191 2111503.