The Information Commissioner’s Office is ramping up its public awareness campaign - dubbed Be Data Aware - in the run up to the General Election, with the aim of reminding consumers of their rights when their personal information is used for political purposes.
The campaign, which was originally launched in May, includes information on how to adjust social media privacy settings; on microtargeting; on how political candidates are permitted to carry out direct marketing activities; and on the practice of exploiting data analytics for targeting.
The ICO has also contacted all of the UK’s main political parties to remind them of their obligations when handling personally sensitive data during the election campaign.
In the letter, Information Commissioner Elizabeth Denham wrote: “People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.
“People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system."
Beyond ensuring there are records of compliance, political parties must have appropriate records of consent from individuals in order to send political messages through various channels such as text or email.
Parties must also identify the lawful bases for processing special category data, such as ethnicity or political opinions, if applicable.
A dedicated election hub has also been created on the ICO website.
Denham continued: “It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout. We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner.”
Last year, the regulator said it had written warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices. However, it is not known whether this has been completed.