The faux-Labour group ‘Labour Against Antisemitism’ – which in spite of its name has no standing with the Labour Party and which has frequently been accused of vindictive trolling on social media – was exposed this week sending unsolicited emails to CLP (constituency Labour party) secretaries in an apparent breach of data protection laws.
The group subsequently claimed, in a bizarre tweet that unilaterally and irrelevantly mentioned Israel, this was fine because it harvested the email addresses from Google:
Sorry to disappoint @skwawkbox but there was no secret conspiracy or ‘hand of Israel’ behind how we got these email addresses.
We simply found them on google.#LabourAntisemitism https://t.co/maffBVuUY9
— LAAS (@LabourAgainstAS) August 15, 2018
However, as others pointed out on Twitter – even if this claim is true, data laws do not allow such mailings without the explicit permission of the ‘data subject’ to use his/her email address for that specific purpose, which many CLP secretaries claimed they had not given.
Now another apparent breach has emerged, in the form of an attempt by the group to ‘name and shame’ a Labour NEC (National Executive Committee) member who had simply asked to be removed from its email list.
When Darren Williams – who does not seem to have ever asked to be included in LAAS mailings – asked to stop receiving them, as he had every right to do, instead of simply complying as data laws require, LAAS tweeted a screengrab of his request with a snide comment:
Under UK data protection laws, data breaches can attract huge fines imposed by the Information Commissioner, as well as incurring police action.
LAAS was contacted for comment on its cavalier approach to data and data protection in the case of Darren Williams. The group has not responded.
The SKWAWKBOX needs your support. This blog is provided free of charge but depends on the generosity of its readers to be viable. If you can afford to, please click here to arrange a one-off or modest monthly donation via PayPal. Thanks for your solidarity so this blog can keep bringing you information the Establishment would prefer you not to know about.
If you wish to reblog this post for non-commercial use, you are welcome to do so – see here for more.
Call their bluff. Anyone that has received an unsolicited email from them demand that they send you a screenshot of your email address that is supposedly available on google
Oh look how they try to slyly accuse you and that other person of antisemitism… pathetic.
And it has not been shown, clearly, or at all, that Labour is institutionally antisemitic. They keep repeating that lie. Won’t make it true.
Stuff like that undermines and harms the tackling of any kind of antisemitism we may have in the party.
So, according to the LAAS, anyone who wishes to exercise their right under the GDPR is acting anti-semitically? Didn’t the European Parliament consult the LAAS before publishing such a law? Dear me, what is the world coming to! Of course, it may have been difficult for the EU lawmakers to contact this group, as Skwawkbox has found …
Just initiate a case with the Information Commissioner , and surprised that Labour’s lawyers haven’t started proceedings for miss-use and for “passing themselves off ” as anything to do with Labour ?
This group are guilty of multiple breaches of current data protection law. You correctly highlight the sending of unsolicited emails and harvesting data, but also publicly revealing that someone is on your mailing list, especially given that they have asked to be removed, a request that legally has to be complied with (not many places are more public than twitter!) is illegal. Both in my paid role at James and Sons and in my volunteer role as NAS West Norfolk branch secretary I am responsible for data protection, so I have to know precisely what I can and cannot do. In view of the aggravating factors (the implication that Skwawkbox and others questioning them are antisemitic being the major one) and the general attitude displayed by this group it is hard to see a court case should it eventuate resulting in anything but the maximum punishment being handed out.
I have just searched the Information Commissioners’ on line ‘Data Protection Public Register’ that all data controllers are required to ensure that they are recorded in and I can’t find any entry for LAAS. Whatever could this mean?
Proceedings should be instigated with ICO https://ico.org.uk/make-a-complaint// I also wonder whether the use of ‘Labour’ in this context and its implication as an officialy sanctioned body can and should be challenged.
In our CLP both Sec and Chair were spammed .
Complaints will be made.
More significant than data protection, these emails seem likely to meet the definition of “direct marketing by means of electronic mail”. This would engage para 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which seems to be enforced much harder than the data protection rules by the ICO.
In particular the ICO’s “Guidance about the issuing of monetary penalties” notes that since 2015 there is no longer “a requirement to demonstrate substantial damage and substantial distress in PECR cases”, which removes one hurdle to the ICO imposing a penalty.
Note the direct marketing rules do apply to political groups – the guidance says: “Direct marketing is not limited to advertising goods or services for sale. It also includes promoting an organisation’s aims and ideals. This means that the direct marketing rules in the DPA and PECR will apply to the promotional, campaigning and fundraising activities of not-for-profit organisations.”