Updated Data-brokering biz Lifecycle Marketing (Mother & Baby) has been fined £140,000 by the Information Commissioner's Office (ICO) for illegally collating and flogging personal information of more than a million people.

The Buckinghamshire-based business, also known as Emma's Diary, issues advice on pregnancy and childcare. It sold the information to Experian Marketing Services, specifically for use by the Labour Party.

Brit privacy watchdog reports on political data harvests: We've read the lot so you don't have to READ MORE

A division of the credit reference agency created a database for the political party to profile new mothers in the lead up to the 2017 General Election, and to send mailers about its Sure Start Children's centres to them in areas with marginal seats.

A probe by the ICO discovered that Emma's Diary's privacy policy failed to disclose that personal data on newbie mums passed over would be used for political marketing or by political parties, breaching the Data Protection Act (DPA) 1998.

"The relationship between data brokers, political parties and campaigns is complex," said ICO chief Elizabeth Denholm. "Even though this company was not directly involved in political campaigning, the democratic process must be transparent."

This incident is wrapped up in a wider ICO investigation into the use of data analytics used by political parties, amid widespread data harvesting employed in the run up to the EU referendum by both the Leave and Remain campaigns.

The ICO said it has given notice to the UK's 11 main political parties that it will audit their data-sharing practices later this year and has multiple inquiries outstanding with data brokers, including Experian.

"All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public," added Denholm.

The ICO will monitor politicos, data sellers and online platforms to hold their feet to the fire with "new auditing and enforcement powers" should they stray into areas of illegality, she said.

The maximum fine the ICO can issue for a breach of the DPA is £500,000, a sum the watchdog has threatened to extract from Facebook over the Cambridge Analytica saga. ®

Updated to add

A spokeswoman at Lifecycle Marketing has contacted The Register to tell us that it is "fully compliant" with GDPR regulations:

“The ICO matter is related to data we provided to Experian, some of which was used by the Labour Party for a one-off mailing in connection with Sure Start Children’s Centres. We had never previously provided data to a political party and we will never do so again.

“We have always sought to fully comply with our data protection obligations, which we take extremely seriously, we are sorry that on this isolated occasion our interpretation of the DPA has not been in line with the ICO’s."