Information Commissioner's Office
Information Commissioner reminds political parties they must comply with the law ahead of General Election
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning. The letter was sent to the following parties:
- Lib Dems
- Plaid Cymru
- The Brexit Party
- The Independent Group for Change
- Sinn Féin
“People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”
A dedicated election hub for parties and campaigns has also been created on the ICO website, along with an updated ‘Be Data Aware’ campaign for the public telling them their rights when their personal information is used for political purposes.
Following the announcement of a General Election on 12 December, I am writing to remind you of the continuing need to comply with data protection and electronic marketing laws.
People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system.
As I set out in my letter to the political parties before the elections to the European Parliament in May 2019, the ICO’s investigation into the use of data analytics for political purposes found a number of concerns relating to the use of commercial behavioural advertising techniques and the lack of transparency of profiling during recent political campaigns. The investigation identified a number of areas where action was required to improve each of the political parties’ compliance with data protection law. I outlined these concerns in warning letters to political parties in July 2018.
Following on from the warning letters, we carried out data protection audits on a number of political parties as we promised to do in our investigation report. We have been able to use some of the initial findings from these audits to improve our understanding of the data aspects of emerging campaigning techniques and current practice in political parties. We have used this knowledge to help inform our recently published draft framework code of practice for the use of personal information in political campaigning. This draft framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.
The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices. While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.
In particular I would like to emphasise five particularly important requirements:
- Data protection and electronic marketing laws apply both before, during, and after the regulated period.
- You must ensure that you provide individuals with clear and accessible information about how you are using their personal data including inferred data. This includes data obtained directly from individuals and that which is obtained from third parties, including data brokers. Additionally, individuals must be made aware of how their personal data is shared with social media platforms for the purposes of targeted political advertising.
- You must be able to demonstrate your compliance with the law. And you must be able to demonstrate that any third party you use to process personal data on your behalf – including data analytics providers and online campaigning platforms - similarly complies. You must be able to provide a fully auditable record of how the personal data has been obtained and is being processed.
- You must ensure that you have the appropriate records of consent from individuals, where required, to send political messages through electronic channels (calls, texts, emails).
- You must identify lawful bases if you process special category data. Political opinions and ethnicity are two such special categories.
We are aware of the importance of having accessible resources on compliance for all those involved in campaigning. We have therefore set up a webpage with advice specifically for political campaigners.
People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.
It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout.
We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.
Elizabeth Denham CBE
Latest News from
Information Commissioner's Office
Blog: Adtech - the reform of real time bidding has started and will continue17/01/2020 16:25:00
A blog by Simon McDougall, ICO Executive Director of Technology and Innovation
National retailer fined half a million pounds for failing to secure information of at least 14 million people10/01/2020 13:25:00
The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.
ICO launches consultation on draft direct marketing code of practice09/01/2020 09:10:00
The Information Commissioner's Office (ICO) has launched a public consultation on a draft direct marketing code of practice.
Blog: The benefits of sharing personal data – what can we learn from Open Banking?07/01/2020 13:20:00
The ICO’s Regulators’ Business Innovation Privacy Hub has recently been looking at the key data protection considerations for innovators who are working in the Open Banking space.
Trust, technology and slippers with torches02/01/2020 14:10:00
Jonathan Bamford holds up a tatty bundle of papers. They’re scrumpled, time worn, ripped and held together with yellowing Sellotape, but with the Royal coat of arms crown still proudly visible on the cover.
Statement on ICO-approved certification schemes23/12/2019 12:10:00
The ICO has announced it will be working with UK Accreditation Service (UKAS) to deliver the ICO-approved certification schemes.
London pharmacy fined after “careless” storage of patient data20/12/2019 14:25:00
The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data.
Blog: The Data Protection Fee: does your company need to pay?04/12/2019 10:10:10
Blog posted by: Paul Arnold, Deputy Chief Executive Officer/Executive Officer, 03 December 2019.
Blog: ICO and The Alan Turing Institute open consultation on first piece of AI guidance03/12/2019 09:10:00
A blog aimed at data scientists, app developers, business owners, CEOs or data protection practitioners, whose organisations are using, or thinking about using, artificial intelligence (AI) to support, or to make, decisions about individuals, by Simon McDougall, Executive Director Technology and Innovation (02 December 2019).