The Brexit Party has blamed a “co-ordinated attempt” to flood the organisation with personal data requests after being hauled up by the Information Commissioner’s Office for its failure to respond on time to one of the key tenets of GDPR.
Under the regulation, “data subject access requests” (DSARs) must be answered within a month, but it is understood that the vast majority of the Brexit Party requests date back to the European elections in May.
Using Twitter’s search function, Sky News claims to have found many pro-EU accounts calling for people to file DSARs to the Brexit Party in order to find out why they had been sent a party leaflet during the EU elections.
Most of the tweets describe wanting to know “how they got your personal details and what they’re going to do with them?”
However, Sky claims that some did suggest requests could be used to interfere with the Brexit Party’s work, and quotes one tweet which said: “European GDPR rules can be weaponised to stop political parties using our data to manipulate us.”
A Brexit Party spokesperson told Sky: “During the European elections, there was a coordinated attempt by campaigners to flood the Brexit Party with subject access requests.
“All political parties are allowed access to the electoral register so they can send literature to voters. However, inaccurate claims circulated on social media, claiming we had acquired people’s addresses improperly, led to the written requests asking for access to information.”
The party insisted it had responded to “the vast majority of the letters” and would follow any regulations set by ICO, which has reportedly given the organisation until November 22 to comply.
An ICO statement said: “As a public body the ICO has to consider its responsibilities during the pre-election period. Our regulatory work continues as usual but we will not be commenting publicly on every issue raised during the General Election.
“We will however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities under data protection and direct marketing laws.”
So far the Metropolitan Police is the only organisation to have fallen foul of the legislation, after it emerged that the force had a backlog of over 1,700 requests for copies of data.
Although the ICO has only slapped the Met with an enforcement notice, the regulator did issue a warning to companies to ensure they comply with requests within the one month time-frame or face a serious kicking for being in breach of GDPR.
Firms accused of handing out personal data willy-nilly
Met farce fuels data access request warning to brands
‘I don’t believe it’…young make most GDPR complaints
Firms face bombardment of data requests under GDPR