How The Daily Telegraph crossed the line on use of personal data

The Information Commissioner’s Office (ICO) is the regulator responsible for enforcing compliance with the Data Protection Act 1998 and additional legislation that builds on the Data Protection Act such as the Privacy and Electronic Communications Regulations (PECR).

It seemed that almost every week during 2015 there was another report of personal data being lost, leaked, hacked or abused. And so the ICO has been busy.

Just before Christmas, the ICO announced that it had imposed a fine of £30,000 on The Daily Telegraph for crossing the line on its use of personal data.

The Daily Telegraph subscribers had signed up to receive daily e-bulletins of news. On 7 May 2015, the e-bulletin included an attachment, being a letter from the editor of The Daily Telegraph, Chris Evans, urging readers to vote Conservative.

When the ICO investigated, they heard that Mr Evans’ letter was only added to the usual mailing after a last-minute instruction from the editorial team. Pressure to send out the e-bulletin quickly meant that there was not enough time to consider whether subscribers had given their permission to receive the letter.

Following their investigation, the ICO decided that people had signed up to The Telegraph’s email service to catch up on news and find out about subjects that interested them. They had not signed up to be part of a direct marketing campaign on how they should vote in the general election.

The moral of the story: if a business or other organisation wants to make use of personal data, it must first check that the individual concerned has consented to that use.