rost9 - stock.adobe.com

ICO launches data security campaign for UK General Election

Information commissioner Elizabeth Denham launches campaign to remind the public of their rights when personal data is used for political purposes

The Information Commissioner’s Office (ICO) has contacted all of the UK’s major political parties to remind them of their obligations when handling personally sensitive data during the General Election campaign, and has launched a campaign – dubbed Be Data Aware – to make the public aware of their rights.

The campaign includes information on how to adjust social media privacy settings; on microtargeting – targeted online adverts that analyse personal data to identify an individual’s interests; on how political candidates are permitted to carry out direct marketing activities; and on the practice of exploiting data analytics to target members of the public.

In an open letter copied to the UK’s political parties, information commissioner Elizabeth Denham wrote: “People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”

As set out in a similar letter ahead of the May 2019 European elections, previous ICO investigations into the use and misuse of data during election campaigns have found cause for concern around the use of commercial behavioural advertising techniques and the transparency of profiling activities.

Since then, the ICO has been carrying out data protection audits on several political parties – although it did not disclose which ones – and has used its findings from these audits to improve its own understanding of the data aspects of emerging campaign techniques. This has, in turn, informed the ICO’s recently published draft framework code of practice for the use of personal information in political campaigning. This framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.

“The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices,” wrote Denham. “While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.”

Read more about personal data security

  • Determining the value of consumers’ personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation.
  • Most UK consumers are still concerned about the security of their personal data, indicating that organisations need to do more to gain consumer trust, such as implementing biometric controls.
  • Many users of online search engines are still unaware that data is being collected about them for personalised advertising, a study has revealed.

In particular, the ICO warned politicians that data protection and electronic marketing laws still apply before, during and after the General Election campaign; that individuals must be provided with clear and easy-to-access information about how their data is used; that political parties must be able to demonstrate their legal compliance and the legal compliance of any third-party analytics firms they enlist; that they have appropriate consent from individuals where required; and that they identify lawful bases if processing special-category data, such as political opinions or ethnicity.

“It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout,” wrote Denham. “We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.”

Besides the three main parties, the ICO has also contacted the Brexit Party, the DUP, the Greens, the Independent Group for Change, Plaid Cymru, the SDLP, Sinn Féin, the SNP, UKIP and the UUP.

Read more on Privacy and data protection