The UK Information Commissioner’s Office (ICO) has accused players across the political campaigning ecosystem of having “a disturbing disregard” for people’s personal privacy, following an investigation.
It comes as the organization today (6 November) published a report looking into the use of data analytics in political campaigns. The investigation looked into data companies, data brokers, social media platforms, campaign groups and political parties.
The Information Commissioner announced in May 2017 that she was launching a formal investigation into the use of data analytics for political purposes. It came after allegations about the “invisible processing” of people’s personal data and the micro-targeting of political adverts during the EU Referendum.
A separate report, Democracy Disrupted? Personal Information and Political Influence was published in July 2018, covering the policy recommendations from the investigation.
The scope of the investigation has now extended to 30 organizations and the ICO has formally interviewed 33 individuals. The organization is now working through forensic analysis of 700 terabytes of data, according to a blog.
The ICO said: “When we launched our investigation into the use of data analytics for political purposes in May 2017, we had little idea of what was to come. We were concerned about invisible processing – the ‘behind the scenes’ algorithms, analysis, data matching and profiling that involves people’s personal information. When the purpose for using these techniques is related to the democratic process, the case for a high standard of transparency is very strong.”
But the ICO found “a disturbing disregard” for voters’ personal privacy by players “across the political campaigning ecosystem”.
The report said: “We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”
The organization has already acted on breaches of the law. In October, it slapped Facebook with a maximum pre-GDPR fine of £500,000 for failing to protect user data as revealed in the Cambridge Analytica scandal.
According to the report, the ICO will fine both Leave.EU and Arron Banks’ firm Eldon Insurance a total of £135,000 and both organizations are still under investigation. At the same time, the ICO is continuing to investigate Cambridge Analytica and said it had “already identified serious breaches of data protection principles and would have issued a substantial fine if the company was not in administration”.
The ICO is also examining how the Remain side of the referendum campaign handled personal data, including the electoral roll, and will be considering whether there are any breaches of data protection or electoral law requiring further action.
Social media firms including Facebook are being criticized across the board for failing to protect user data and allowing citizens to be targeted in ways that could influence their voting decisions.
The blog said: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risks being disrupted because the average person has little idea of what is going on behind the scenes. This must change. People can only make truly informed choices about who to vote for if they are sure those decisions have not been unduly influenced.”
In order to preserve the integrity of future elections and ensure that voters are truly in control of the outcome, the Information Commissioner is suggesting a code of practice covering the use of data in campaigns and elections. The aim is to simplify the rules and give certainty and assurance about using personal data as a legitimate tool.
The ICO thinks the code should be given the same statutory footing as other codes of practice in the Data Protection Act 2018.
While Denham welcomes voluntary initiatives by the social media platforms, she said a self-regulatory approach “will not guarantee consistency, rigour or shore up public confidence”.
She has called for the UK Government to consider where there are regulatory gaps in the current data protection and electoral law landscape “to ensure we have a regime fit for purpose in the digital age”.
Election interference via tactics such as disinformation and fake news are a global issue. Denham said she wants the UK’s approach to form a blueprint to be used across the world, pointing out that the ICO’s work has already helped inform EU initiatives to combat electoral interference. In addition: “A Canadian Parliamentary Committee has recommended extending privacy law to political parties and the US is considering introducing its first comprehensive data protection law.”