Facebook is examining a commercial arrangement between Irish news website Gript and a company linked to Cambridge Analytica which breached privacy laws during the Brexit referendum campaign in 2016.

A spokeswoman for the social network confirmed that it was “looking into” the relationship between the news website and Canadian firm AggregateIQ (AIQ), which it suspended from its platform in 2018 following claims AIQ had “improperly received” Facebook user data.

It is understood Facebook is examining whether the relationship between AIQ and Gript, which was launched last year with funding provided by the anti-abortion lobby, raises any issues in light of the ban.

Gript’s editor, John McGuirk, on Thursday night said that AIQ does not have any access to his website’s social media data. He said the firm was helping his publication attract new readers by analysing data from its current readership. “What we’re trying to do in getting as much data as possible [about readers] is profile them, figure out the common threads that bring them to us, and reach other readers and bring them to us,” he told The Irish Times.

The Canadian federal privacy commissioner found that work done by AIQ during the Brexit campaign had breached Canada’s privacy laws. The UK Information Commissioner’s Office also found that AIQ’s actions were not in compliance with strict European data protection laws during the campaign, a finding which the company is appealing.

Vote Leave

The firm was paid £2.7 million by Vote Leave to target ads during the Brexit campaign. It also received £33,000 from the DUP for work done before the vote.

Mr McGuirk declined to say how much he was paying the firm, saying “you invest in the best tools available if you want to accomplish something in the long term”.

Privacy and security experts said the available evidence suggested significant data on Gript users was being gathered. Chris Vickery, director of cyber risk research with UpGuard, who first identified the link between the two companies, said the code he saw on the Irish site was similar to that used on Brexit-related campaign sites, and suggested the firm is “harvesting everything imaginable”.

Mr McGuirk said that “it is not unusual for websites to harvest data on their visitors, and yes, we are doing that, as most sites do”. He said the data is not being matched with other databases – such matching techniques have proved controversial elsewhere when used during elections.

Rory Byrne, co-founder of Irish firm SecurityFirst, which provides tools to help human rights defenders with their online security, said AIQ’s sophisticated techniques and micro-targeting “represent a worrying mix of technology that the Irish political system is not currently capable of regulating”.