Retired solicitor DAVID WHITE has been investigating a strange ambivalence towards upholding the law shown by the local MP and the Mayor of London
Just before the London Mayoral elections in May this year, I received two emails from Boris Johnson urging me to vote for him.
Nothing very startling about that, you might think, apart from the fact that I have been a member of the Labour party for more than 40 years. So I was probably not the most obvious person to approach to persuade or encourage to vote for a Conservative candidate as the Mayor of London.
It set me wondering how Boris had obtained my private email address. I had never given it to Boris or to the Tory party, nor authorised them to email me political literature.
When I recounted what had happened on Twitter, it was soon apparent that I was not the only one to have received unsolicited political party propaganda via email. And the one thing we all had in common is that we all lived in Croydon Central constituency and had emailed Gavin Barwell, in his capacity as MP.
Importantly, though, none of us had authorised our email addresses to be passed on to anyone. I, for one, had been reassured by the specific statement by Barwell on his website, where he stated that anyone signing up for his regular constituency email bulletin would not have their personal information passed on to any third parties.
Boris Johnson: grateful for all help received to get him re-elected as Mayor
I was aware that, under the Data Protection Act, MPs and others who hold personal information have to be registered with the Information Commissioner’s Office, and that it is illegal for them to pass on data to third parties unless this is specifically authorised.
So we asked Gavin Barwell to explain what had happened. Initially, Barwell claimed, apparently in all seriousness, that it must have been the Labour party who had passed on the email addresses to Boris Johnson.
On May 2, I was at a meeting in Park Hill which our local MP was attending. So I spoke to Barwell about this matter, and he asked me to forward the Boris emails to him and promised to look into the matter.
After about four weeks, I had heard nothing from Barwell. So I emailed him. No reply.
On June 26, I sent him a Direct Message on Twitter. Again no reply.
I wrote to the ICO. They said they needed more evidence that confidential information had been passed on by Barwell and suggested that I put in a “subject access request” to Boris Johnson and/or the Conservative party, asking what information they held about me and how they had got hold of my email address.
When I did this, I received a letter from Simon Day, the finance and compliance director of the Conservative party, demanding a £10 fee before they would even give me the courtesy of a reply. Although this is not illegal, it seemed to me outrageous that they should make a charge for supplying my own information. Nevertheless I was determined to see this through, so I sent a cheque for £10.
The Conservative party then delayed for the maximum time permitted by law. After 40 days, they wrote: “Your email address was entered onto the ERM (Electoral Relationship Management) system by a user at the Croydon Conservative Federation on 19 January 2012. They are unable to clarify where your email address was obtained from”.
I have now collected statements from some of the other Croydon Central residents whose email addresses have been misused, and I have sent all the evidence to the ICO. I believe the evidence shows there is no possible source for the information other than Gavin Barwell MP, or someone working for him.
Gavin Barwell has already fallen foul of the Data Protection Act on at least two occasions, including the recent case where it was revealed that he failed to register as a data controller for more than two years after being elected to Westminster. Although he had broken the law, he escaped a fine.
To adapt the words of Lady Bracknell, one brush with the Data Protection Act might seem to be a misfortune, but three times looks like carelessness.
Shouldn’t the Conservatives, Boris Johnson and Gavin Barwell, as a party of government, as the Mayor of London or as a local MP, be more respectful of data protection legislation?
And if things go wrong, shouldn’t they be prepared to apologise promptly and investigate properly, rather than putting every possible obstacle in the way of those whose information they have misused?
- Inside Croydon: For comment and analysis about Croydon, from inside Croydon
- Post your comments on this article below. If you have a news story about life in or around Croydon, a residents’ or business association or local event, please email us with full details at inside.croydon@btinternet.com
Related articles
- Plot to oust David Cameron revealed (guardian.co.uk)
Gavin Barwell is apparently not fit to be a Member of Parliament.
So the Conservative Association in Croydon will not propose him as its candidate at the next General Election. Or if it does, the electors of Croydon Central will vote him out of office.
Beware of low-flying pigs.
Is that the same Croydon Conservatives Association who turned a blind eye to the expenses fiddling of Richard Ottaway and endorsed him to stand as candidate in 2010?
Law and order?
High standards of public conduct?
The best traditions of public service?
It is not unknown for “The Federation” to dispose of sitting MPs
Thank you for this information, David.
It is truly outrageous that you were required to pay a tenner for this information. However; now this information is out, it is down to Gavin Barwell MP to identify the ‘offender’ and ensure that proper training is provided to staff in his office.
What is unforgivable is the apparent abuse of the DPA. It also demonstrates a worrying disregard for the very reasons laws such as the DPA were introduced. Apparently not to prohibit unsolicited email or contact from Croydon Conservatives. I would like to see that clause in the legilslation.
Rest assured, however, that should the Labour party have acted in this highly immoral and unprofessional manner, those employed by Mr Barwell would have been all over the incident like a rash. As the Labour Group Chief Whip in Croydon, I can assure your readers that we would have taken swift action. Maintaining standards in public life is the very least people expect from us.
Croydon Conservatives’ standards in public life leave a lot to be desired. Episodes such as this may well result in the culprits getting away with it, but it reflects very badly on them.
To be honest, I am surprised that other Croydon media outlets have not picked up on this story.
I hope to be pleasantly surprised.
Cllr Pat Ryan, Upper Norwood Ward
I doubt the email appeal was truthful either.
Can you insist they remove you from this and all the other lists it undoubtedly feeds? Else Lord Ashcroft may be congratulating you on your birthday etc…
In reply to quietzaple, I believe Mr Barwell has now removed people from the offending lists.
However I would still like to know how people who wrote to their MP about a constituency matter, or putting their views on some issue, had their details passed on to Boris Johnson who then sent out party political propaganda.
This clearly appears to be a breach of the Data Protection Act and the failure of Mr Barwell to investigate properly is a matter of concern.
The ICO’s websites does make very clear that a normal Subject Access Request will attract a fee of £10 (some types of information can cost up to £50 to obtain) which is to cover the administrative charges, time and (if appropriate) postage costs that can be incurred.
Having worked for both financial firms and the regulator for many years, I have dealt with several SARs and can assure you that most eligible firms receive hundreds of them, mostly for utterly spurious reasons, every year. Generally a SAR will actually cost far more than £10 in the time it takes for staff to gather the required data and then put it into a legible format. I do not know of any circumstances under which a firm would forego charging this nominal fee.
Also, the ICOs website also explains that any organisation only requires explicit consent to share ‘confidential or sensitive information’. An email address does not fall into either of these categories.
As you note, explicit consent is required of any data holder before confidential information can be shared with third parties.
In the case of Gavin Barwell MP, people signed up online for his email bulletin understanding that there was a firm undertaking given that email addresses would not be shared at all.
An email address that you freely provided is unlikely to be classed as confidential information.
You seem to be missing the point. The email addresses were only provided because the assurance was offered in advance that these details would not be shared with third parties. How they are classified is of less relevance than the assurance offered, and broken.
Apologies, in that case you are correct.
In reply to rammsteingirl, the Data Protection Act covers all “personal data”, not just sensitive or confidential data. This certainly includes email addresses.
It is true that the Act allows individuals or organisations to charge up to £10 for dealing with a subject access request. However this is not always charged. For example the GLA informed me they do not generally make a charge. Where an enquiry is clearly not vexatious or frivolous it seems to me very unfair if a political party imposes a charge.