Excellent points.

That said, re the extraterritoriality point (2), the GDPR was enacted PRIOR to the referendum. By the time the ICO gets around to enforcement, we'll be in the enforcement phase anyway. New territory, but the ICO has options. Of course Cambridge Analytica would never interfere in elections, but if they were considering doing so then a 4% bite of worldwide revenues per election might put them off their stride.

If that won't fly, then even under existing English law anyone (from your first point) feeling they've been conned might be able to do them for a couple of thousand quid each. (Since Woolley v Akram, Scots law also has come up to the mark.) Group litigation, anyone?

Likewise, a 20 million fine of each and every manipulative political party might slow them down too. (Or else increase taxes to pay for the fines.)

