Data and Democracy in the Digital Age, a report by the Constitution Society on the effect of the use of personal data in political campaigning, has put forward six recommendations to combat the problem. The key recommendation is for political parties, their campaigns and supporters to “embrace the opportunities provided by the GDPR.”
Specifically the report authors suggest that the Information Commissioner should be invited to carry out an audit or provide an opinion with respect to the compliance of political parties, their campaigns and their supporters within data protection legislation.
"This is key for data subjects to understand who is processing their data."
The Information Commissioner should also be invited to produce new or updated guidance addressing any problems identified by the aforementioned audit or opinion with respect to political campaigning. Furthermore, campaign material should be legally required to identify its source. “This is key for data subjects to understand who is processing their data and why,” wrote the authors.
Another recommendation is for the government to reassess its position on Article 80(2) of the GDPR and incorporate it into the new Data Protection Act 2018. “Instead of including Article 80(2) now, the Data Protection Act 2018 at section 189 requires the Secretary of State to review the issue of representation of data subject,” the report stated. The review period is 30 months after section 187 comes into force.
The three authors also wrote that there should be public consultations to debate the need for political parties to have their own codes of conduct and/or that a regulator be put in place so there are “measures that control adequately the conduct of political campaigns, including data processing generally.”
The report writers also said that government should consider doing three things; introducing new spending limits - specifically related to the amounts spent on digital or data campaigns, encouraging meaningful spending transparency, and engaging with social media and digital advertising companies.
At the report launch yesterday in the House of Lords, one of the authors Julianne Kerr Morrison, a junior barrister, said that transparency is important as donations to political campaigns do not have to be in monetary form to have a strong impact. She said that a supporter of a particular party could lend their support by giving political campaigners access to datasets of their customers’ contact details, or offering the labour of a team of "data geeks".
"Data rights are a new-world expression of the right to privacy."
The report details the “Faustian Pact” of Cambridge Analytica and Facebook and the way the data of 81 million voting-age US citizens was used by the Trump campaign to target voters at an individual level. The report also looked at the allegations that Cambridge Analytica was employed by Leave.EU during the Brexit referendum.
Kerr Morrison and the other report writers, social entrepreneur Stephanie Hankey and solicitor Ravi Naik, drew two conclusions. The first is that data is an asset and once individuals understand the value of their data rights, they will assert more control within the power balance. However, it is essential that regulators and regimes are in place to ensure that this is enforceable. The second is that data rights are the next generation of human rights. “They are a new-world expression of the traditional right to privacy,” they wrote.
The day after the report was published, the ICO handed Facebook a fine of £500,000 for two beaches of the Data Protection Act 1998. The Information Commissioner Elizabeth Denham said that if the Cambridge Analytica breach had occurred after 25 May, Facebook could have faced a fine of hundreds of millions of pounds. The regulator also published its investigation into the use of data and analytics in political campaigns as suggested by the Constitution Society.