A parenting advice site has been fined £140,000 after it was accused of illegally collecting data and selling it on for use by the Labour Party, which used it to profile new mums.
Emma’s Diary gathered data on more than a million people, according to the Information Commissioner’s Office (ICO), which issued the fine.
Labour used the information in the run up to the 2017 General Election.
Previously, Lifecycle Marketing, which owns Emma’s Diary, denied wrong-doing.
It told the BBC it would be issuing a statement shortly.
Political parties commonly buy personal information to target their campaigns, but they must obtain appropriate consent from the providers.
A spokesman for Labour said: “We have neither bought nor used Emma’s Diary data since the 2017 General Election and we are in the process of reviewing our approach to acquiring data from third parties.”
“The relationship between data brokers, political parties and campaigns is complex,” said Elizabeth Denham, the Information Commissioner.
“Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”
The ICO said that Emma’s Diary originally sold 1,065,200 records to a branch of credit reference agency Experian, specifically for use by Labour.
Each record included:
- the name of the parent who had joined Emma’s Diary
- their home address
- whether children up to the age of five were present
- the birth dates of the mother and children
Labour used a database created by Experian to profile new mums.
Then, women living in areas with marginal seats were targeted with direct mail marketing by Labour.
The ICO has notified all of the UK’s 11 main political parties that it will audit their data-sharing practices in 2018.
Issuing the fine showed that the ICO was “willing to use its teeth”, said Frederike Kaltheuner at campaign group Privacy International.
“The industry is quite murky,” she told the BBC, pointing out that consumers may – for example – see statements such as “data may be shared for marketing purposes” in all sorts of places but not realise the extent of how their personal information could be used.
“I think the ICO was quite clear in their analysis… You have to be very clear and transparent about what you do with data,” she said.