The Information Commissioner’s Office (ICO) has fined the Conservative Party £10,000 for sending unlawful marketing emails. 

Following an investigation, ICO discovered that the Conservative Party sent 51 marketing emails in the name of Rt Hon Boris Johnson MP during the eight days in July 2019 after he was elected Prime Minister.

The emails were addressed to the people they were sent by name and promoted the party’s political priorities, and included a link directing them to webite for joining the Conservative Party.

Stephen Eckersley, ICO Director of Investigations, said:

“The public have rights when it comes to how their personal data is used for marketing. Getting messages to potential voters is important in a healthy democracy but political parties must follow the law when doing so. The Conservative Party ought to have known this, but failed to comply with the law.  

“All organisations – be they political parties, businesses or others – should give people clear information and choices about what is being done with their personal data. Direct marketing laws are clear and it is the responsibility of all organisations to ensure they comply.

“The sending of nuisance marketing emails is a real concern to the public and the ICO will continue to take action where we find behaviour that puts people’s information rights at risk.”

The investigation discovered that the Conservative Party had failed to retain clear records of the basis upon people which people had consented to receive marketing emails, as required by law. 

Between 24 July and 31 July 2019 - the party sent a total of 1,190,280 marketing emails, but the ICO accept it is likely that some of the emails will have been validly.

The ICO concluded the party did not have the necessary valid consent for the 51 marketing emails received by the complainants. The party failed to ensure records of those who had unsubscribed from its marketing emails were properly transferred when it changed email provider.


PrivSec Global

Register to PrivSec Global and tune into the ”GDPR Requirements and Digital Transformation” panel discussion where speakers will discuss the challenges for GDPR compliance thrown up by the digital revolution. 

Speakers include:

  • Beatriz Ruiz-Beato, EMEA Data Protection Officer, NEC Europe Ltd
  • Jamie Hawkins, Senior Counsel Data Privacy Pearson Education Ltd

Save your seat