Cambridge Analytica parent fined £15,000 for non-compliance with ICO

SCL Elections breached the Data Protection Act by ignoring an enforcement issue

SCL Elections, parent company of Cambridge Analytica, has been fined £15,000 for repeatedly ignoring a request to disclose information it holds on a US citizen.

The company pleaded guilty to breaking the Data Protection Act of 1998 by failing to act on an enforcement notice issued by the Information Commissioner's Office (ICO).

The ICO had requested SCL Elections to release information on the US academic David Carroll. The American had contacted the ICO after having sent multiple enquiries to the company asking to disclose their data on his profile.

Even though the company was willing to reveal some of its data on Mr Carroll, the ICO agreed with him that it did not disclose all the information he was entitled to.

The case been complicated by the fact that SCL Elections went into administration earlier this year. The defence argued that the information on Mr Carroll was saved on servers that had been seized by the ICO.

The judge found that there was enough evidence for a "wilful disregard" of the enforcement notice issued by the ICO and ruled that the company had to pay £6,000 to cover the ICO's legal costs, along with a fine of £15,000 for failing to comply with the enforcement notice.

The prosecutor claimed that the case was "a discrete part of a broader matter" surrounding Cambridge Analytica.

The company received widespread attention last year when it was revealed that it had built an algorithm to target social media users with adverts based on their political preferences. It was accused of influencing elections in various countries including the USA, Italy, Latvia, India and South Africa. It was closed down following an undercover operation by media companies including Channel 4.

Information Commissioner, Elizabeth Denham, said in a statement: "This prosecution, the first against Cambridge Analytica, is a warning that there are consequences for ignoring the law.

"Wherever you live in the world, if your data is being processed by a UK company, UK data protection laws apply. Organisations that handle personal data must respect people's legal privacy rights. Where that does not happen and companies ignore ICO enforcement notices, we will take action."