The Labour Party has suffered an embarrassing double data cock up in responding to complaints over the party’s use of personal data. A co-conspirator complained to London Labour about using her data for advertising purposes – she had never signed up to the party. The Labour Data Protection team initially did not respond to the complaint for months – in and of itself a breach of GDPR which the ICO acknowledged. Yet it gets worse…

After the co-conspirator escalated her complaint to the ICO, the Labour Data Protection Team replied to the complaint – and a number of other people who had made complaints – but neglected to blind copy them in. Now each data complainant has the details of the other data complainants. A textbook GDPR breach and a very ironic one considering who made it…

A follow-up email was swiftly sent, admitting guilt, apologising, and asking the complainants to delete the previous email. Guido is reliably informed that this will be taken further.