The Personal Data Being Used To Get Your Vote

The pace of digital innovation has had a big impact on everyday life and that includes our relationship with the democratic process -  everything from your phone number to your approximate salary and home address is collected and traded by political campaigns and consultants. Whether we are sharing our views with others or registering to vote, the starting point for our political engagement these days is often digital. 
 
All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates, but how much do political parties know about you - and how is it used to try to sway your vote?
 
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now a Report from the UK’s Information Commissioner’s Office (ICO) has focused on the relationship between data brokers and the politicians here.
 
Should We Be Concerned?
 
The ICO report has found that even limited information can be used in surprising ways.  For example, buying someone's name can lead to making guesses about their income, number of children and ethnicity, which is then used to tailor a political message for them. The report suggests that the British Conservative Party is doing just that, using so-called "onomastic data", whicht is information derived from the study of people's names which could identify their ethnic origin or religion. It has done that for 10 million voters, most of whom will be unaware of exactly how their information is being used.
 
Political parties can legitimately hold personal data on individuals to help them campaign more effectively. But sophisticated data analytics software can now combine information about individuals from multiple sources to find more about their voting characteristics and interests - something that many people might find disturbing. 
 
How Do Political Parties Get Personal Data ?
 
The Electoral Register forms "the spine" of data sources, according to PI, but beyond that it is surprisingly difficult to work out what the parties use one thisng that has become clearer is the role of data brokers. Both the Conservatives and the Labour Party make use of a product from Experian called Mosaic, according to the Open Rights Group (ORG), which describes Experian as being a "one-stop shop for data used in political profiling". 
 
Experian is better known as a credit rating agency, but it also acts as a data broker, along with others such as Equifax and Transunion.They collect data themselves or, in some cases, buy it from other companies, such as a credit card company. They then sell it on to advertisers, or, in this case, to political parties.
 
A two-year investigation by the ICO found that millions of adults in the UK had had their data processed by Experian. The ICO recommended a long list of improvements the company needed to make in order to comply with the EU-wide GDPR law on data privacy.
 
What About The Political Parties?
 
The BBC asked the Conservative, Labour and the Liberal Democrat parties how they use data and where they receive it from. None have replied. The ORG conducted its own investigation and as part of its research it asked people to request all data political parties held on them, something known as a Data Subject Access Request.  There were not many responses but the limited information found included: 
 
  • The Labour party had compiled up to 100 pages of data per individuals, broken down into over 80 categories
  • The Liberal Democrat party attempted to guess the number of families in a home, and an individual's age based on name
  • The Conservative party attempted to estimate how likely an individual was to read and enjoy the Daily Mail, as well as guessing income
 
All the parties were asked whether they used data broker services in the 2019 election, but only the Liberal Democrats confirmed they did not, stating they felt it would not be compliant with the GDPR privacy law. The Labour Party did not reply while the Conservatives said that they did purchase commercially available data, but did not say what they did with it. 
 
Much of the use of personal data by political parties is done under the banner of democratic engagement, which is used to justify a wide range of profiling activities.
 
What Is To Be Done?
 
The ICO says political parties need to be much clearer about how they intend to use personal data. But the Open Rights Group thinks it needs much tougher action. "If it does not crack down, there is no incentive for better behaviour," it said. One of the obvious ways would be to allow voters the ability to refuse the sharing of their data between a political party and a third party, such as a data broker.
 
GDPR stipulates that individuals should know exactly how their data is being used and agree to that. Given how campaigns are now conducted online, the focus should be on how we can shed light on online advertising, on party funding, spending in the digital world, and on the role tech companies play in this ecosystem and how they and politics is using our data.
 
Information Commissioner's Office UK:        CNet:         BBC:     Electoral Reform Society UK:      Yahoo Finance:
 
You Might Also Read:
 
Voter Data Being Used To Disrupt US Election:
 
« Ethiopian Telecoms System Has Critical Security Flaws
Insider Security Risk Soars During Lockdown »

Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Halo Consulting

Halo Consulting

We provide advice on products from all of the major insurance providers including cyber liability insurance.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Global Lifecycle Solutions EMEA (Global EMEA)

Global Lifecycle Solutions EMEA (Global EMEA)

Global EMEA provides full lifecycle services to corporate Clients covering procurement, configuration, support, maintenance and end-of-life asset management.

BrandSecurity

BrandSecurity

BrandSecurity is a Russian company which specializes in providing services to protect brands on the Internet (rapid detection and prevention of illegal use of intellectual property).

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

FirmGuard

FirmGuard

FirmGuard helps organisations understand Information Security and comply with internal and external governance and regulation.