The Conservative Party has been fined £10,000 for sending dozens of emails in Boris Johnson’s name to people who did not want to receive them.
It was a “serious” breach of data laws, the Information Commissioner’s Office (ICO) said following an investigation.
Emails were sent, addressed to the recipients by name, over eight days in July 2019 when Mr Johnson became party leader and prime minister.
They laid out the Tory’s priorities, including on Brexit, the NHS, and police officer numbers, and urged them to join the party.
The ICO found the party had switched email provider so had not properly recorded that in 51 cases, subscribers had asked to be removed from their marketing list.
During the investigation, the party carried out an “industrial-scale marketing email exercise” during the December 2019 election, where nearly 23 million emails were sent and a further 95 complaints were raised.
Stephen Eckersley, ICO director of investigations, said: “The public have rights when it comes to how their personal data is used for marketing.
“Getting messages to potential voters is important in a healthy democracy, but political parties must follow the law when doing so. The Conservative Party ought to have known this, but failed to comply with the law.
“All organisations – be they political parties, businesses or others – should give people clear information and choices about what is being done with their personal data. Direct marketing laws are clear and it is the responsibility of all organisations to ensure they comply.
“The sending of nuisance marketing emails is a real concern to the public and the ICO will continue to take action where we find behaviour that puts people’s information rights at risk.”
The ICO said of the 1,190,280 marketing emails sent by the party between 24 July and July 31 2019, it was not possible to say for certain how many were validly sent “because the party has not been able to provide sufficient or clear evidence as to the extent to which lawful and valid consent was provided for all of those emails”.
It accepted some would have been sent legitimately, especially to party members, but 549,030 non-members received emails where consent would be required.
The ICO added that it is not the first time concerns have been raised over the Conservative Party’s handling of data.
It also said the party had been slow to respond to the investigation and had “repeatedly failed to provide responses within time periods set, even when those periods were extended”.