A watchdog has warned political parties in Wales there is a “risk to democracy” if they don’t shape up on data protection.
The Information Commissioner’s Office (ICO) has said how they look after people’s personal data is not good enough and has made a number of recommendations.
It has said it is prepared to take regulatory action if things don’t improve.
The ICO undertook audits of seven political parties from June to September 2019, five of which stand in Wales. These include the Conservative Party, the Labour Party, the Liberal Democrats, the Scottish National Party, the Democratic Unionist Party, Plaid Cymru and UKIP.
The summary of the audits cites “considerable areas for improvement in both transparency and lawfulness”.
The audits were conducted following “significant concerns” about transparency and the use of people’s data in political campaigning that were highlighted in its 2018 report, Democracy Disrupted?
Political parties have collected data on millions of people and are allowed to do so to help them campaign effectively.
But the ICO is worried that many voters are completely unaware of how their personal data is being used. Rapid developments in the use of data analytics and social media are reasons given for this and it claims this has left voters on the “back foot”.
In the report on the audit the Information Commissioner Elizabeth Denham says:
“The risk to democracy if elections are driven by unfair or opaque digital targeting is too great for us to shift our focus from this area.
“We recognise the unique role political parties play in a democratic society.
“Society benefits from political parties that want to keep in touch with people through more informed voting decisions, better engagement with hard-to-reach groups and the potential for increased engagement in democratic processes.
“However, that engagement must respect obligations under the law, especially so where there are risks of significant privacy intrusion.”
“All political parties must use personal information in ways that are transparent, understood by people and lawful if they are to retain the trust and confidence of electorates.
“The transparency and accountability required by data protection is a key aspect in developing and maintaining trust. It follows that there’s an important role for the ICO in scrutinising this area.”
The ICO categorised 70 per cent of the recommendations as “urgent” or “high priority”.
Key recommendations for the political parties include:
- Providing the public with clear information at the outset about how their data will be used
- Telling individuals when they use intrusive profiling such as combining information about those individuals from several different sources to find out more about their voting characteristics and interests
- Being transparent when using personal data to profile and then target people with marketing via social media platforms
- Being able to demonstrate that they’re accountable, all the while showing how parties meet their obligations and protect people’s rights
- Carrying out thorough checks on all contracted and potential processors and third party suppliers to gain assurances that they comply with the key transparency, security and accountability requirements of data protection law
- Reviewing their lawful bases for the different types of processing of personal data used to ensure the most appropriate basis is used
According to the ICO: “The parties have committed to making the improvements necessary to comply with the law and make their data processing more transparent, which the ICO will monitor for effectiveness.”