The Personal Data Being Used To Get Your Vote

Please log in to browse. Login now
The pace of digital innovation has had a big impact on everyday life and that includes our relationship with the democratic process -  everything from your phone number to your approximate salary and home address is collected and traded by political campaigns and consultants. Whether we are sharing our views with others or registering to vote, the starting point for our political engagement these days is often digital. 
 
All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates, but how much do political parties know about you - and how is it used to try to sway your vote?
 
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now a Report from the UK’s Information Commissioner’s Office (ICO) has focused on the relationship between data brokers and the politicians here.
 
Should We Be Concerned?
 
The ICO report has found that even limited information can be used in surprising ways.  For example, buying someone's name can lead to making guesses about their income, number of children and ethnicity, which is then used to tailor a political message for them. The report suggests that the British Conservative Party is doing just that, using so-called "onomastic data", whicht is information derived from the study of people's names which could identify their ethnic origin or religion. It has done that for 10 million voters, most of whom will be unaware of exactly how their information is being used.
 
Political parties can legitimately hold personal data on individuals to help them campaign more effectively. But sophisticated data analytics software can now combine information about individuals from multiple sources to find more about their voting characteristics and interests - something that many people might find disturbing. 
 
How Do Political Parties Get Personal Data ?
 
The Electoral Register forms "the spine" of data sources, according to PI, but beyond that it is surprisingly difficult to work out what the parties use one thisng that has become clearer is the role of data brokers. Both the Conservatives and the Labour Party make use of a product from Experian called Mosaic, according to the Open Rights Group (ORG), which describes Experian as being a "one-stop shop for data used in political profiling". 
 
Experian is better known as a credit rating agency, but it also acts as a data broker, along with others such as Equifax and Transunion.They collect data themselves or, in some cases, buy it from other companies, such as a credit card company. They then sell it on to advertisers, or, in this case, to political parties.
 
A two-year investigation by the ICO found that millions of adults in the UK had had their data processed by Experian. The ICO recommended a long list of improvements the company needed to make in order to comply with the EU-wide GDPR law on data privacy.
 
What About The Political Parties?
 
The BBC asked the Conservative, Labour and the Liberal Democrat parties how they use data and where they receive it from. None have replied. The ORG conducted its own investigation and as part of its research it asked people to request all data political parties held on them, something known as a Data Subject Access Request.  There were not many responses but the limited information found included: 
 
  • The Labour party had compiled up to 100 pages of data per individuals, broken down into over 80 categories
  • The Liberal Democrat party attempted to guess the number of families in a home, and an individual's age based on name
  • The Conservative party attempted to estimate how likely an individual was to read and enjoy the Daily Mail, as well as guessing income
 
All the parties were asked whether they used data broker services in the 2019 election, but only the Liberal Democrats confirmed they did not, stating they felt it would not be compliant with the GDPR privacy law. The Labour Party did not reply while the Conservatives said that they did purchase commercially available data, but did not say what they did with it. 
 
Much of the use of personal data by political parties is done under the banner of democratic engagement, which is used to justify a wide range of profiling activities.
 
What Is To Be Done?
 
The ICO says political parties need to be much clearer about how they intend to use personal data. But the Open Rights Group thinks it needs much tougher action. "If it does not crack down, there is no incentive for better behaviour," it said. One of the obvious ways would be to allow voters the ability to refuse the sharing of their data between a political party and a third party, such as a data broker.
 
GDPR stipulates that individuals should know exactly how their data is being used and agree to that. Given how campaigns are now conducted online, the focus should be on how we can shed light on online advertising, on party funding, spending in the digital world, and on the role tech companies play in this ecosystem and how they and politics is using our data.
 
Information Commissioner's Office UK:        CNet:         BBC:     Electoral Reform Society UK:      Yahoo Finance:
 
You Might Also Read:
 
Voter Data Being Used To Disrupt US Election:
 
« Ethiopian Telecoms System Has Critical Security Flaws
Insider Security Risk Soars During Lockdown »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZDL Group

ZDL Group

At ZDL (formerly ZeroDayLab) we take a comprehensive view of our clients cyber security risks and provide quality services to address those risk

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER) - USA

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER) - USA

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

Sansec

Sansec

Sansec is the global leader in eCommerce malware and vulnerability detection. We help you to stay ahead of hackers!

CyberUSA

CyberUSA

CyberUSA is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience.

Allure Security

Allure Security

Allure Security AI-driven brand protection scans more of the online world for faster, more accurate detection & removal of spoof websites, social media & mobile apps -- before customers fall victim.

Interlock

Interlock

Interlock are building blockchain-based security products that solve legacy web2 security issues - phishing and social engineering.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.

RANE Network

RANE Network

RANE is a global risk intelligence company that provides critical insights and analysis to more efficiently anticipate, monitor, and respond to emerging threats.

Wirespeed

Wirespeed

Managed Detection & Response (MDR) has never been faster or easier: Onboard in minutes, Respond in seconds, Secure instantly.