Karin Larsen, writing in the CBC News »

Victoria-based AggregateIQ Data Services broke Canadian and B.C. privacy laws in work it carried out on behalf of the 2016 pro-Brexit Vote Leave campaign, as well as political campaigns in the U.S. and Canada, according to findings by the B.C. and federal privacy commissioners.

According to the reort, AIQ failed to obtain adequate consent for use and disclosure of the personal information of voters, which was used to produce microtargeted political ads.

It also said that AIQ “failed to take reasonable security measures” to protect personal information it collected in a database containing the names and contact information of 35 million people.

At a news conference, B.C. Information and Privacy Commissioner Michael McEvoy and Privacy Commissioner of Canada Daniel Therrien said even though AIQ works globally, it still must follow Canadian and B.C. privacy laws.

More » Canadian Press video, Globe & Mail, Times Colonist