The Personal Data Being Used To Get Your Vote

The pace of digital innovation has had a big impact on everyday life and that includes our relationship with the democratic process -  everything from your phone number to your approximate salary and home address is collected and traded by political campaigns and consultants. Whether we are sharing our views with others or registering to vote, the starting point for our political engagement these days is often digital. 
 
All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates, but how much do political parties know about you - and how is it used to try to sway your vote?
 
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now a Report from the UK’s Information Commissioner’s Office (ICO) has focused on the relationship between data brokers and the politicians here.
 
Should We Be Concerned?
 
The ICO report has found that even limited information can be used in surprising ways.  For example, buying someone's name can lead to making guesses about their income, number of children and ethnicity, which is then used to tailor a political message for them. The report suggests that the British Conservative Party is doing just that, using so-called "onomastic data", whicht is information derived from the study of people's names which could identify their ethnic origin or religion. It has done that for 10 million voters, most of whom will be unaware of exactly how their information is being used.
 
Political parties can legitimately hold personal data on individuals to help them campaign more effectively. But sophisticated data analytics software can now combine information about individuals from multiple sources to find more about their voting characteristics and interests - something that many people might find disturbing. 
 
How Do Political Parties Get Personal Data ?
 
The Electoral Register forms "the spine" of data sources, according to PI, but beyond that it is surprisingly difficult to work out what the parties use one thisng that has become clearer is the role of data brokers. Both the Conservatives and the Labour Party make use of a product from Experian called Mosaic, according to the Open Rights Group (ORG), which describes Experian as being a "one-stop shop for data used in political profiling". 
 
Experian is better known as a credit rating agency, but it also acts as a data broker, along with others such as Equifax and Transunion.They collect data themselves or, in some cases, buy it from other companies, such as a credit card company. They then sell it on to advertisers, or, in this case, to political parties.
 
A two-year investigation by the ICO found that millions of adults in the UK had had their data processed by Experian. The ICO recommended a long list of improvements the company needed to make in order to comply with the EU-wide GDPR law on data privacy.
 
What About The Political Parties?
 
The BBC asked the Conservative, Labour and the Liberal Democrat parties how they use data and where they receive it from. None have replied. The ORG conducted its own investigation and as part of its research it asked people to request all data political parties held on them, something known as a Data Subject Access Request.  There were not many responses but the limited information found included: 
 
  • The Labour party had compiled up to 100 pages of data per individuals, broken down into over 80 categories
  • The Liberal Democrat party attempted to guess the number of families in a home, and an individual's age based on name
  • The Conservative party attempted to estimate how likely an individual was to read and enjoy the Daily Mail, as well as guessing income
 
All the parties were asked whether they used data broker services in the 2019 election, but only the Liberal Democrats confirmed they did not, stating they felt it would not be compliant with the GDPR privacy law. The Labour Party did not reply while the Conservatives said that they did purchase commercially available data, but did not say what they did with it. 
 
Much of the use of personal data by political parties is done under the banner of democratic engagement, which is used to justify a wide range of profiling activities.
 
What Is To Be Done?
 
The ICO says political parties need to be much clearer about how they intend to use personal data. But the Open Rights Group thinks it needs much tougher action. "If it does not crack down, there is no incentive for better behaviour," it said. One of the obvious ways would be to allow voters the ability to refuse the sharing of their data between a political party and a third party, such as a data broker.
 
GDPR stipulates that individuals should know exactly how their data is being used and agree to that. Given how campaigns are now conducted online, the focus should be on how we can shed light on online advertising, on party funding, spending in the digital world, and on the role tech companies play in this ecosystem and how they and politics is using our data.
 
Information Commissioner's Office UK:        CNet:         BBC:     Electoral Reform Society UK:      Yahoo Finance:
 
You Might Also Read:
 
Voter Data Being Used To Disrupt US Election:
 
« Ethiopian Telecoms System Has Critical Security Flaws
Insider Security Risk Soars During Lockdown »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

Styra

Styra

Styra allows companies to secure cloud environments and applications, including those built on the popular Kubernetes open-source cloud platform.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Distology

Distology

Distology are an award-winning cloud security distributor bringing a wealth of experience and strong relationships with a huge breadth of partners covering the UK, Ireland and Benelux.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.