The Liberal Democrats have been found to be in breach of communications privacy law by the Information Commissioner's Office.
This follows an investigation into the party's recent use of automated phone calls to potential voters.
Paula Barrett, a partner at international law firm Eversheds, said, "This action by the ICO comes as little surprise. The Lib Dem's own publicity surrounding the calls made it clear the intention was to promote the party and Nick Clegg, not to conduct research.
"The Privacy and Electronic Communications Regulations are clear that consent is needed if you are going to use automated calling to promote a product or service, or in this case a political party."
Barrett said the speed with which the enforcement notice was issued was perhaps a public demonstration by the ICO of its desire to take decisive action on breaches of the DPA and PECR.
The ruling means that the Lib Dems now have an enforcement notice hanging over them with no expiration date. A future breach could result in criminal proceedings being brought either in the Magistrates Court or in Crown Court and fines imposed.
"Further enforcement activity can be expected against organisations that breach DPA and PECR in the coming months from the ICO as it starts to exercise new powers. The Regulatory Enforcement and Sanctions Act comes into force next month," said Barrett.
"That gives the ICO the power to issue stop-now notices and issue fixed penalties," he said.
Those available penalties have not been finalised, but the ICO has argued to have the right to fine organisations for up to 10% of their turnover.
Read more on IT legislation and regulation
General Election 2019: Which manifesto is best for the UK’s tech sector?
General Election 2019: The Lib Dems’ technology policies and digital plans
Quocirca UK ICO Watch: how likely is the ICO to clobber your organisation for a maximum fine?
Quocirca UK ICO Watch: GDPR fines may not be as scary as the vendors are telling you