Information Commissioner's Office
Information Commissioner reminds political parties they must comply with the law ahead of General Election
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning. The letter was sent to the following parties:
- Lib Dems
- Plaid Cymru
- The Brexit Party
- The Independent Group for Change
- Sinn Féin
“People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”
A dedicated election hub for parties and campaigns has also been created on the ICO website, along with an updated ‘Be Data Aware’ campaign for the public telling them their rights when their personal information is used for political purposes.
Following the announcement of a General Election on 12 December, I am writing to remind you of the continuing need to comply with data protection and electronic marketing laws.
People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system.
As I set out in my letter to the political parties before the elections to the European Parliament in May 2019, the ICO’s investigation into the use of data analytics for political purposes found a number of concerns relating to the use of commercial behavioural advertising techniques and the lack of transparency of profiling during recent political campaigns. The investigation identified a number of areas where action was required to improve each of the political parties’ compliance with data protection law. I outlined these concerns in warning letters to political parties in July 2018.
Following on from the warning letters, we carried out data protection audits on a number of political parties as we promised to do in our investigation report. We have been able to use some of the initial findings from these audits to improve our understanding of the data aspects of emerging campaigning techniques and current practice in political parties. We have used this knowledge to help inform our recently published draft framework code of practice for the use of personal information in political campaigning. This draft framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.
The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices. While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.
In particular I would like to emphasise five particularly important requirements:
- Data protection and electronic marketing laws apply both before, during, and after the regulated period.
- You must ensure that you provide individuals with clear and accessible information about how you are using their personal data including inferred data. This includes data obtained directly from individuals and that which is obtained from third parties, including data brokers. Additionally, individuals must be made aware of how their personal data is shared with social media platforms for the purposes of targeted political advertising.
- You must be able to demonstrate your compliance with the law. And you must be able to demonstrate that any third party you use to process personal data on your behalf – including data analytics providers and online campaigning platforms - similarly complies. You must be able to provide a fully auditable record of how the personal data has been obtained and is being processed.
- You must ensure that you have the appropriate records of consent from individuals, where required, to send political messages through electronic channels (calls, texts, emails).
- You must identify lawful bases if you process special category data. Political opinions and ethnicity are two such special categories.
We are aware of the importance of having accessible resources on compliance for all those involved in campaigning. We have therefore set up a webpage with advice specifically for political campaigners.
People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.
It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout.
We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.
Elizabeth Denham CBE
Latest News from
Information Commissioner's Office
Blog: Community groups and COVID-19: what you need to know about data protection01/04/2020 09:10:00
Blog posted by: Ian Hulme, Director for Regulatory Assurance at the ICO, 30 March 2020.
Statement in response to the use of mobile phone tracking data to help during the coronavirus crisis30/03/2020 12:25:00
The ICO’s Deputy Commissioner Steve Wood recently responded to the use of mobile phone tracking data to help during the coronavirus crisis.
Blog: Community groups and COVID-19: what you need to know about data protection27/03/2020 13:20:00
A blog by Ian Hulme, Director for Regulatory Assurance at the ICO.
Council employee fined £400 for illegally deleted audio file16/03/2020 10:25:00
A council employee has been fined £400 for an offence under the Freedom of Information (FOI) regulations.
Data protection and coronavirus12/03/2020 15:25:00
We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater.
Blog: Don’t get caught out when it comes to pupil photos10/03/2020 15:10:00
Blog posted by: Andrew Laing, ICO Head of Data Protection Complaints, 09 March 2020.
Combining privacy and innovation: ICO Sandbox six months on10/03/2020 12:25:00
It’s been an exciting, interesting and challenging first six months for the ICO Sandbox – both for those externally involved in the various projects and for the ICO staff working on the scheme. Ian Hulme discusses the progress so far.
The ICO and the Office of the Australian Information Commissioner sign Memorandum of Understanding06/03/2020 12:25:00
James Dipple-Johnstone (Deputy Commissioner) yesterday commented on the signing of the Memorandum of Understanding.