Skip to main contentSkip to navigationSkip to navigation
Print subscriptions
Sign in
Search jobs
Search
The Guardian - Back to homeThe Guardian
AggregateIQ’s chief operating officer, Jeff Silvester, during a news conference in Canada in 2018
AggregateIQ’s chief operating officer, Jeff Silvester, during a news conference in Canada in 2018. Photograph: Chris Wattie/Reuters
AggregateIQ’s chief operating officer, Jeff Silvester, during a news conference in Canada in 2018. Photograph: Chris Wattie/Reuters

Brexit data firm broke Canadian privacy laws, watchdog finds

This article is more than 4 years old

AggregateIQ, hired by Vote Leave in 2016, failed to ensure authorisation to disclose UK voter information

The Canadian data firm AggregateIQ (AIQ) broke privacy laws with some of the work it did for a leading pro-Brexit group in Britain and a number of US political campaigns, according to a watchdog’s official report.

Canada’s federal privacy commissioner, Daniel Therrien, along with his counterpart in the province of British Columbia, said on Tuesday that AIQ had not taken measures to ensure it had the authority to disclose UK voter information.

“Canadian organizations operating globally... must ensure they understand and comply with their legal responsibilities in Canada, even when they are operating in foreign jurisdictions,” said Michael McEvoy, the British Columbia privacy tsar.

AggregateIQ: the obscure Canadian tech firm and the Brexit data riddle
Read more

AIQ was hired in 2016 by Vote Leave, which campaigned for Britain to leave the European Union, to draw up Facebook advertisements aimed at potential voters. AIQ, based in British Columbia, used data gathered online by Vote Leave, which it disclosed to Facebook.

The privacy commissioners found Vote Leave had not explained to respondents that their information might be shared with Facebook, and AIQ did not do enough to make sure it had the right to use the information.

The watchdog’s report said: “When the company used and disclosed the personal information of Vote Leave supporters to Facebook ... it went beyond the purposes for which Vote Leave had consent to use that information.”

It added: “When AIQ failed to ensure it had meaningful consent from the individuals whose personal information it collected, used, or disclosed, it contravened British Columbia and Canadian privacy laws.”

AIQ Chief Operating Officer Jeff Silvester said in an email that the firm had already implemented all of the commissioners’ recommendations.

The report expressed similar concerns about lack of consent regarding some of the work AIQ had done on campaigns in the US for Strategic Communication Laboratories, the former name of the SCL Group, the parent company of the political consultancy Cambridge Analytica.

Facebook came under pressure last year after revealing that the personal information of up to 87 million users, mostly in the US, may have been improperly shared with Cambridge Analytica.

In April, Therrien concluded in a separate investigation that Facebook committed serious contraventions of Canadian privacy law and failed to take responsibility for protecting the personal information of citizens.

Explore more on these topics
Share
Reuse this content

More on this story

More on this story

  • Hackers steal customer data from Europe’s largest parking app operator

  • Greater Manchester police officers’ data hacked in cyber-attack

  • Met police on high alert after supplier IT security breach

  • PSNI data breach: 200 officers and staff not informed about theft for month

  • PSNI and UK voter breaches show data security should be taken more seriously

  • Northern Ireland police chief urged to consider position over data breach

  • Northern Ireland police data breach is second in weeks, force reveals

  • UK data watchdog to scale back fines for public bodies

  • Marriott to be fined nearly £100m over GDPR breach

Most viewed

Most viewed