Labour Party repeatedly failed to meet data protection obligations – watchdog
The Information Commissioner’s Office investigation followed more than 150 complaints regarding the party’s handling of subject access requests.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The UK’s data protection watchdog has taken action against the Labour Party for repeatedly failing to respond to people who asked what personal information the organisation held on them.
The Information Commissioner’s Office (ICO) issued a formal reprimand after it was revealed that the party had not complied with its legal obligations.
Under data protection law, anyone can ask an organisation for a copy of the personal information it is using or storing on them, known as subject access requests (SAR). You also have the right to check if your personal information is accurate, or for it to be updated or deleted.
As of November 2022, the Labour Party had received 352 SARs, but 78% did not receive a response within the maximum compulsory time limit of three months, and more than half (56%) were significantly delayed by more than one year.
A cyber attack on the Labour Party in October 2021 is said to be the reason for the backlog, as this resulted in an increase of requests from the public.
The party has since assigned three temporary members of staff to tackle the outstanding requests, allocated extra funding and implemented an action plan, according to the ICO.
Deputy Commissioner at the ICO, Stephen Bonner, said: “Being able to ask an organisation ‘what information do you hold on me?’ and ‘how is it being used?’ is a fundamental right, which provides both transparency and accountability. It is vital that organisations do not underestimate the importance of responding to these requests on time.
“The public need to fully trust that a political party will handle their data correctly and respect their information rights.
“We welcome news that the Labour Party has now cleared its backlog of SARs and implemented further measures to ensure people receive a prompt response going forward.”
The ICO’s investigation followed more than 150 complaints regarding the party’s handling of SARs in the year from November 2021 to November 2022.
During the investigation, the ICO said it was also informed of the existence of a “privacy inbox” that had not been monitored by the party since November 2021.
The inbox contained approximately 646 additional SARs and approximately 597 requests for personal information to be deleted.
The ICO said it was likely that some of these may have been duplications, but that none of the requests had been responded to.