Tuesday, December 24, 2024
Home > ICO > Information Commissioner reminds political parties they must comply with the law ahead of General Election

Information Commissioner reminds political parties they must comply with the law ahead of General Election

The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning. The letter was sent to the following parties:

      • Conservatives
      • DUP
      • Greens
      • Labour
      • Lib Dems
      • Plaid Cymru
      • The Brexit Party
      • The Independent Group for Change
      • SDLP
      • Sinn Féin
      • SNP
      • UKIP
      • UUP

 

“People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”

A dedicated election hub for parties and campaigns has also been created on the ICO website, along with an updated ‘Be Data Aware’ campaign for the public telling them their rights when their personal information is used for political purposes.

Following the announcement of a General Election on 12 December, I am writing to remind you of the continuing need to comply with data protection and electronic marketing laws.

People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system.

As I set out in my letter to the political parties before the elections to the European Parliament in May 2019, the ICO’s investigation into the use of data analytics for political purposes found a number of concerns relating to the use of commercial behavioural advertising techniques and the lack of transparency of profiling during recent political campaigns. The investigation identified a number of areas where action was required to improve each of the political parties’ compliance with data protection law. I outlined these concerns in warning letters to political parties in July 2018.

Following on from the warning letters, we carried out data protection audits on a number of political parties as we promised to do in our investigation report. We have been able to use some of the initial findings from these audits to improve our understanding of the data aspects of emerging campaigning techniques and current practice in political parties. We have used this knowledge to help inform our recently published draft framework code of practice for the use of personal information in political campaigning. This draft framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.

The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices. While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.

In particular I would like to emphasise five particularly important requirements:

            • Data protection and electronic marketing laws apply both before, during, and after the regulated period.
            • You must ensure that you provide individuals with clear and accessible information about how you are using their personal data including inferred data. This includes data obtained directly from individuals and that which is obtained from third parties, including data brokers. Additionally, individuals must be made aware of how their personal data is shared with social media platforms for the purposes of targeted political advertising.
            • You must be able to demonstrate your compliance with the law. And you must be able to demonstrate that any third party you use to process personal data on your behalf – including data analytics providers and online campaigning platforms – similarly complies. You must be able to provide a fully auditable record of how the personal data has been obtained and is being processed.
            • You must ensure that you have the appropriate records of consent from individuals, where required, to send political messages through electronic channels (calls, texts, emails).
            • You must identify lawful bases if you process special category data. Political opinions and ethnicity are two such special categories.

We are aware of the importance of having accessible resources on compliance for all those involved in campaigning. We have therefore set up a webpage with advice specifically for political campaigners.

People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.

It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout.

We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.

Yours sincerely,

Elizabeth Denham CBE

Information Commissioner

 

Original Source

Leave a Reply

Your email address will not be published. Required fields are marked *