As the UK heads into a General Election, understanding how political parties collect and use personal data is crucial for voters. The UK GDPR provides protections, in the form of data subject rights, but it is up to voters to exercise their rights and stay vigilant. By doing so, they can ensure their privacy is respected and contribute to a fair and transparent electoral process.
Both Labour and the Conservatives have recently been accused of breaching the UK GDPR. Last month we wrote about The Good Law Project’s challenge to the Tory’s “data harvesting” from its online tax calculator and a data breach exposed by Rachel Cunliffe, Associate Political Editor of the New Statesman. We also reported on a case where the Labour party has been accused of failing to comply with a Subject Access Request from a Palestinian activist who was ejected by police from a fund raising event.
Data Collection Methods
Political parties utilise multiple methods to gather personal data about voters.
These include:
- Electoral Registers: The most straightforward source of voter data is the electoral register, which provides names and addresses of registered voters. Political parties have legal access to the full electoral register, unlike commercial entities that can only access the edited version.
- Canvassing and Surveys: Traditional door-to-door canvassing and telephone surveys remain essential tools. Party volunteers and staff collect information directly from voters about their political preferences and concerns.
- Social Media and Online Platforms: Political parties increasingly rely on social media to gather data. Platforms like Facebook and Twitter provide rich data on user preferences, interactions, and behaviours. Parties use cookies and tracking pixels on their websites to collect additional data on visitors.
- Data Brokers: Political parties also purchase data from commercial brokers. These brokers aggregate data from various sources, providing detailed voter profiles that include demographic and behavioural information.
Data Processing and Usage
Once collected, this data is processed to create detailed voter profiles. The aim is to tailor political messages to specific segments of the electorate, enhancing the effectiveness of campaigns. Key techniques include:
- Profiling: Using algorithms and machine learning, parties analyse data to identify patterns and predict voting behaviour. This helps in segmenting the electorate into various categories based on age, gender, location, interests, and past voting patterns.
- Micro-targeting: With profiling, parties engage in micro-targeting, delivering highly personalised messages to small groups of voters. This could mean targeted social media ads, personalised emails, or direct mail tailored to specific concerns and preferences.
- Campaign Strategy: Data-driven insights influence overall campaign strategy, helping parties decide where to focus their resources. For example, identifying swing voters or areas with low voter turnout allows for more efficient campaign planning.
ICO Guidance
The ICO has long been concerned about how political parties use personal data.
In July 2018 it published a report, Democracy Disrupted, which highlighted significant concerns about transparency around how people’s data was being used in political campaigning. The report revealed a complex ecosystem of digital campaigning with many actors. In 2019, the ICO issued assessment notices to seven political parties.
Last month, the ICO published a blog on handling personal information during the election campaign to ensure expectations around compliance with the law are clear. The blog sets out answers to some of the common questions that the ICO is asked during elections and explains what voters can expect from the ICO during the
pre-election period. Last week, John Edwards, the Information Commissioner, also wrote to political parties reminding them of their data protection obligations.
This and other data protection developments will be discussed in detail on our forthcoming GDPR Update workshop.
