Political parties face legal threat over voter data abuse

The three main political parties are being threatened with legal action over their use of personal data to build voter profiles, ahead of this week’s General Election, and have been issued with “urgent notices” to stop processing the information immediately.

Pre-action letters have been sent by the Open Rights Group to Labour, the Conservatives and the Lib Dems on behalf of three individuals who have issued data subject access requests to find out what information the parties hold but have been dissatisfied with their responses.

The letters, which were sent late last week, cite the “imminence of the election” and the “heightened processing activities” for the urgency to halt processing immediately.

Open Rights Group data and democracy project officer Pascal Crowe said the abuse of personal data was a “systemic” issue in UK politics and there were serious concerns about the legality of the parties’ practices.

He added: “We are concerned about the lawfulness of these activities and have put these concerns to the parties. Further, we are concerned what this means for democracy. Faith in democratic outcomes rests on a shared democratic process and profiling voters to create micro-targeted audiences undermines that.

“Its use is even more baffling given that we often don’t recognise our profiles. They are not even profiling accurately. But political parties are seemingly unquestioning of the authority of numbers. These techniques should not be used to determine political activity and engagement. They are dishonest, inaccurate, and anti-democratic.”

ITN Solicitors, the legal firm which was also attempting to sue Facebook over the Cambridge Analytical scandal, is leading the case, with partner Ravi Naik representing the claimants.

He said: “Political parties must be accountable for their use of data. Our clients requested their information from the parties and were presented with unclear and incomplete responses. We have therefore written to the parties, outlining our clients’ concerns about the use of their data. This includes a challenge to the legality of the wider processing activities.

“Parties seem to consider themselves as having a free pass to do as they want with personal data as they consider this in the democratic interest. However, the data protection regime exists to limit data use to prevent abuses. The democratic interest is best served by all parties respecting the law.”

Naik said that the Open Rights Group was considering “all options”, including the possibility of a High Court injunction to prevent further data processing.

All three parties deny any wrong-doing, with both the Conservatives and Labour insisting they fully comply with the law.

A spokesman for the Lib Dems said: “[We] received a request yesterday from a firm of lawyers acting for three individuals making a request in regards to the processing of their data and related questions. The Liberal Democrats take all such requests very seriously. As with other such requests, we will answer these, as required by law.”

Last month, the Open Rights Group joined forces with Privacy International, the Institute for Strategic Dialogue, Fair Vote, Who Targets Me? and Demos in a letter sent to all the main parties, demanding, among other things, that they reveal where they are sourcing their data to target voters.

At the time, Privacy International legal officer Ailidh Callander said: “The integrity of our democracy and voter trust is at stake. Our political parties need to reflect on their own practices, reflect on public concern, and reflect on why Twitter has taken the step to ban political advertising altogether.

“Our elections can’t be built on politicians exploiting our personal data. It’s a race to the bottom. We are demanding that political parties in the UK stand up for democracy by coming clean about their use of voters’ personal data, publicly committing to total transparency, and complying with data protection law.”

As a result of its year-long £2.5m investigation into the use of personal data in politics – triggered by the Cambridge Analytica scandal – the Information Commissioner’s Office claimed to have uncovered a “disturbing disregard for voters’ personal privacy” on the part of 30 organisations, including social media platforms, political parties, data brokers, and credit reference agencies.

However, so far it has only written warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices, although it is not known whether this has been completed.

Of the 30 organisations cited, only Facebook (£500,000), Emma’s Diary (£140,000), Vote Leave (£40,000), Leave.EU and insurance firm Eldon (£120,000) have faced ICO fines; the latter two are appealing the ruling at the First Tier Tribunal this week.

The only penalty that the now defunct Cambridge Analytica has faced has been for parent company SCL Elections, which paid just £21,000 – including over £6,000 in costs – for failing to comply with an enforcement notice issued by the data regulator.

The ICO did issue a warning to all political parties ahead of this election campaign but has yet to report on any breaches of the law among the main UK parties or to comment on this issue either.