Elections and digital campaigns

It is the anniversary of Guy Fawkes attempting to blow up Parliament. It is therefore not altogether coincidental that the ICO has issued a statement confirming that it has written to all the UK political parties, reminding them of their duty to comply with applicable data protection laws prior to the 12 December UK General Election.

In this context, we've seen that Twitter's CEO, Jack Dorsey, announced Twitter would be placing a ban on political advertising. In his statement (obviously made in a thread on Twitter, where else..), Mr Dorsey states:

While internet advertising is incredibly powerful and very effective for commercial advertisers, that power brings significant risks to politics, where it can be used to influence votes to affect the lives of millions.

In addition, building on this explanation, the Twitter leader highlighted the inherent risks in machine learning marketing campaigns, in the context of influencing votes to establish a government.

Internet political ads present entirely new challenges to civic discourse: machine learning-based optimization of messaging and micro-targeting, unchecked misleading information, and deep fakes. All at increasing velocity, sophistication, and overwhelming scale.

In other words, the marketing tools are incredibly potent and volatile; which in turn, may cause unintended or biased outcomes (at least in their current stage of development and governance schemes which are, in the history of the internet, embryonic).

Despite the welcome reception this political blackout received, commentators have asserted that this policy disadvantages the political newcomer (whilst playing into the hands of the well established political players (Trump et al.)). See Guardian Opinion.

In contrast, Facebook (or should I say, 'FACEBOOK', following the recent 'upper case', shouty, re-brand) has asserted that it will still allow political campaigns. This remains a concern given the considerably greater reach and influence that Facebook's advertising platform has (and the substantially greater ad revenue it receives compared to its younger, aviary sibling).

In this context, you should bear in mind that, in the US, Facebook settled with the FTC for a USD 5 billion payment for breach of privacy laws (in relation to the Cambridge Analytica scandal); in contrast, the parochial ICO levied a fine (which, granted, was the maximum fine it could bring under the old Data Protection Act 1998) of a nominal ￡500,000. Both fines have been about as effective as firing air-to-air missiles at one of those intergalactic, invading, alien ships from 'Independence Day' (you know, before their protective shields were taken down by Jeff Goldblum and Will Smith's virus).

So, what's all the hullabaloo about? Well, political views are special category (or sensitive personal) data (SCD). An organisation needs to take extra special care when processing SCD. So, if you are considering using Custom Audiences or another type of 'lookalike' marketing tool that Facebook or, say, Instagram, may offer, it's important to assess what the privacy implications are of using those technologies.

As with everything, the devil is in the data, sorry, detail. Similarly, trade union membership data is also SCD. So if you are using it, you may need to ensure you have made it clear to individuals how their data is going to be used; or rely on an appropriate exception. In addition, a political party (or their marketing agency) would be well advised to review any suppliers who are engaged to carry out certain campaign activities (and also consider how and where marketing lists are stored).

For further details of the ICO Guidance see its guidance page on Political Campaigns, as well as Draft Code of Practice for use of Personal Data in Political Campaigns. It is a shame that the code is currently in draft - nevertheless, it is invaluable as a reference tool and indication of the ICO's approach to innovative means of campaigning.

Notably, the guidance, also includes additional information for elected representatives. This, is, no doubt, valuable bedside reading for our current, beloved Members of Parliament.

5 November 2019

Philip James is a Partner at Sheridans and advises clients on data strategy and licensing frameworks. Philip has a particular interest in open finance, geospatial data, fraud, ethics, risk governance and cyber security.