Information Commissioner's Office
Information Commissioner reminds political parties they must comply with the law ahead of General Election
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning. The letter was sent to the following parties:
- Lib Dems
- Plaid Cymru
- The Brexit Party
- The Independent Group for Change
- Sinn Féin
“People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.”
A dedicated election hub for parties and campaigns has also been created on the ICO website, along with an updated ‘Be Data Aware’ campaign for the public telling them their rights when their personal information is used for political purposes.
Following the announcement of a General Election on 12 December, I am writing to remind you of the continuing need to comply with data protection and electronic marketing laws.
People’s awareness of their data protection rights has never been greater, and their expectations that those rights are respected never higher. Compliance with these laws is vital to the trust and confidence in the democratic system.
As I set out in my letter to the political parties before the elections to the European Parliament in May 2019, the ICO’s investigation into the use of data analytics for political purposes found a number of concerns relating to the use of commercial behavioural advertising techniques and the lack of transparency of profiling during recent political campaigns. The investigation identified a number of areas where action was required to improve each of the political parties’ compliance with data protection law. I outlined these concerns in warning letters to political parties in July 2018.
Following on from the warning letters, we carried out data protection audits on a number of political parties as we promised to do in our investigation report. We have been able to use some of the initial findings from these audits to improve our understanding of the data aspects of emerging campaigning techniques and current practice in political parties. We have used this knowledge to help inform our recently published draft framework code of practice for the use of personal information in political campaigning. This draft framework provides guidance on the practical application of data protection and electronic marketing laws to political campaigning practices.
The guidance we have produced is on the practical application of existing data protection and marketing laws to political campaigning practices. While it is still in draft form, we expect political parties, candidates and other campaigners to use it as a reference guide to help them comply with the law in this coming election. We will consider how this guidance has been followed in any regulatory action, and will also take account of feedback received during the consultation.
In particular I would like to emphasise five particularly important requirements:
- Data protection and electronic marketing laws apply both before, during, and after the regulated period.
- You must ensure that you provide individuals with clear and accessible information about how you are using their personal data including inferred data. This includes data obtained directly from individuals and that which is obtained from third parties, including data brokers. Additionally, individuals must be made aware of how their personal data is shared with social media platforms for the purposes of targeted political advertising.
- You must be able to demonstrate your compliance with the law. And you must be able to demonstrate that any third party you use to process personal data on your behalf – including data analytics providers and online campaigning platforms - similarly complies. You must be able to provide a fully auditable record of how the personal data has been obtained and is being processed.
- You must ensure that you have the appropriate records of consent from individuals, where required, to send political messages through electronic channels (calls, texts, emails).
- You must identify lawful bases if you process special category data. Political opinions and ethnicity are two such special categories.
We are aware of the importance of having accessible resources on compliance for all those involved in campaigning. We have therefore set up a webpage with advice specifically for political campaigners.
People expect their personal information to be used in line with law, and where that doesn’t happen in digital campaigning, there’s a danger that public trust and confidence in the broader democracy process is damaged.
It’s crucial that candidates and campaigners get this right, and the ICO will be monitoring the situation throughout.
We are respectful of the democratic process and will approach any regulatory action in a fair and proportionate manner in line with our Regulatory Action Policy.
Elizabeth Denham CBE
Latest News from
Information Commissioner's Office
ICO and National Privacy Commission, Philippines, sign Memorandum of Understanding14/01/2021 12:25:00
UK Information Commissioner, Elizabeth Denham, and her counterpart in the Philippines, Commissioner and Chairman Raymund Enriquez Liboro (NPC), yesterday signed a Memorandum of Understanding (MOU).
Motor industry employee sentenced in ICO Computer Misuse Act prosecution08/01/2021 16:15:00
A motor industry employee has been sentenced to eight months' imprisonment, suspended for two years, in a prosecution brought by the Information Commissioner’s Office (ICO).
ICO statement in response to UK Government’s announcement on the extended period for personal data flows, that will allow time to complete the adequacy process29/12/2020 09:15:00
The Government has announced that the Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted, for no more than six months.
Update to the joint statement on global privacy expectations of video teleconferencing companies24/12/2020 13:20:00
On 21 July 2020 the Information Commissioner’s Office (ICO) and five other data protection and privacy regulators from around the world jointly signed an open letter to companies providing video teleconferencing services.
UK organisations using SolarWinds Orion platform should check whether personal data has been affected24/12/2020 09:10:00
SolarWinds was the victim of a cyber-attack where a vulnerability was inserted into its Orion platform.
ICO calls on UK businesses to prepare to keep data flowing at the end of the transition period23/12/2020 09:10:00
The Information Commissioner (ICO) is calling on the UK’s businesses to check whether they are impacted by data protection law before the end of the UK’s transition period with the EU on 31 December.
ICO publishes new Data Sharing Code of Practice18/12/2020 12:25:00
The Information Commissioner’s Office (ICO) yesterday published its Data Sharing Code of Practice.
ICO to recover £250,000 fine from Manchester claims management firm17/12/2020 12:25:00
The Information Commissioner’s Office (ICO) Financial Recovery Unit (FRU) is starting proceedings to retrieve £250,000 from defunct company Pownall Marketing Limited (PML). The company was recently fined by the ICO for making over 350,000 nuisance calls.