Information Commissioner's Office
Information Commissioner reminds political parties they must comply with the law ahead of General Election
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning. The letter was sent to the following parties:
- Lib Dems
- Plaid Cymru
- The Brexit Party
- The Independent Group for Change
- Sinn Féin
“People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”
A dedicated election hub for parties and campaigns has also been created on the ICO website, along with an updated ‘Be Data Aware’ campaign for the public telling them their rights when their personal information is used for political purposes.
Following the announcement of a General Election on 12 December, I am writing to remind you of the continuing need to comply with data protection and electronic marketing laws.
People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system.
As I set out in my letter to the political parties before the elections to the European Parliament in May 2019, the ICO’s investigation into the use of data analytics for political purposes found a number of concerns relating to the use of commercial behavioural advertising techniques and the lack of transparency of profiling during recent political campaigns. The investigation identified a number of areas where action was required to improve each of the political parties’ compliance with data protection law. I outlined these concerns in warning letters to political parties in July 2018.
Following on from the warning letters, we carried out data protection audits on a number of political parties as we promised to do in our investigation report. We have been able to use some of the initial findings from these audits to improve our understanding of the data aspects of emerging campaigning techniques and current practice in political parties. We have used this knowledge to help inform our recently published draft framework code of practice for the use of personal information in political campaigning. This draft framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.
The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices. While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.
In particular I would like to emphasise five particularly important requirements:
- Data protection and electronic marketing laws apply both before, during, and after the regulated period.
- You must ensure that you provide individuals with clear and accessible information about how you are using their personal data including inferred data. This includes data obtained directly from individuals and that which is obtained from third parties, including data brokers. Additionally, individuals must be made aware of how their personal data is shared with social media platforms for the purposes of targeted political advertising.
- You must be able to demonstrate your compliance with the law. And you must be able to demonstrate that any third party you use to process personal data on your behalf – including data analytics providers and online campaigning platforms - similarly complies. You must be able to provide a fully auditable record of how the personal data has been obtained and is being processed.
- You must ensure that you have the appropriate records of consent from individuals, where required, to send political messages through electronic channels (calls, texts, emails).
- You must identify lawful bases if you process special category data. Political opinions and ethnicity are two such special categories.
We are aware of the importance of having accessible resources on compliance for all those involved in campaigning. We have therefore set up a webpage with advice specifically for political campaigners.
People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.
It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout.
We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.
Elizabeth Denham CBE
Latest News from
Information Commissioner's Office
Tribute to His Royal Highness The Duke of Edinburgh12/04/2021 14:10:00
Statement from Elizabeth Denham, Information Commissioner.
Blog: Data Protection law can help create public trust and confidence around COVID-status certification schemes29/03/2021 12:25:00
Blog posted by: Elizabeth Denham, Information Commissioner, 26 March 2021.
Secretary of State for the Department for Digital, Culture Media & Sport and the Information Commissioner sign Memorandum of Understanding on data adequacy22/03/2021 14:33:00
Having left the EU, the Secretary of State for the Department for Digital, Culture, Media and Sport now holds powers to make independent UK data adequacy arrangements with new partners around the world, making it easier for organisations to send data internationally.
Blog: Building on the data sharing code – our plans for updating our anonymisation guidance22/03/2021 11:05:00
Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out trends and provide new insights to improve patient care, while in the financial sector, data sharing can help to protect against money laundering and ensure individuals are protected from fraud.
Secretary of State for the DCMS and the Information Commissioner sign Memorandum of Understanding on Data Adequacy19/03/2021 12:07:00
Oliver Dowden, Secretary of State for the Department for Digital, Culture, Media and Sport, now holds powers to make independent UK data adequacy arrangements.
Digital Regulation Cooperation Forum publishes its first annual plan of work10/03/2021 14:15:00
The Digital Regulation Cooperation Forum (DRCF) today outlined its priorities for the coming year, marking a step-change in coordination of regulation across digital and online services.
Blog: Supporting UK democracy through data protection with new political campaigning guidance09/03/2021 12:25:00
Blog posted by: Elizabeth Denham, Information Commissioner, 09 March 2021.
ICO fines firms for sending more than 2.7 million spam text messages during the pandemic05/03/2021 15:05:00
Two separate companies that sent nuisance text messages during the Covid-19 pandemic have been fined a total of £330,000 by the Information Commissioner’s Office (ICO).