ORG claims voter profiles are inaccurate and illegal

Open Rights Group demands leading parties stop using claimants data for microtargeting election campaigns

Campaigners are considering suing the three leading political parties for misuse of data, saying they may have breached data protection laws by using information to profile voters.

The Open Rights Group (ORG) has sent pre-action letters to the Conservatives, Labour and the Liberal Democrats just days ahead of the election demanding they stop using the data on three specific claimants and delete any existing profile, adding that they would like clarity about how the data was used and from where it was sourced.

The potential legal action centres on the use of personal data to create profiles on voters to focus campaigning efforts. According to ORG, political parties are buying data from sources such as data broker Experian, which creates and maintains profiles for credit checks, in order to score voters on their likeliness of voting one way or another, labelling individuals as "metropolitan elite" or "soft Tory".

Pascal Crowe, data and democracy project officer at ORG, said such activity may not be legal, could be damaging to democracy, and likely aren't even accurate.

"Faith in democratic outcomes rests on a shared democratic process and profiling voters to create micro-targeted audiences undermines that," he says. "It’s use is even more baffling given that we often don’t recognise our profiles. They are not even profiling accurately. But political parties are seemingly unquestioning of the authority of numbers. These techniques should not be used to determine political activity and engagement. They are dishonest, inaccurate, and anti-democratic."

Beyond Experian, it's unclear where the data is coming from, though ORG says two of the parties appear to be sourcing email addresses from local election registers and online voter registration tools which the claimants argue is not legal. It's also unclear, the activist group says, who else the parties are sharing the data with, such as campaign consultancies.

The legal letters are non-partisan, the ORG stressed, noting that each party's behaviour raised different questions. The Conservative Party used names and addresses to guess one claimant's age, without consent or explanation as to why. The Labour Party scored individuals via personal data using a system that was "unintelligible", and failed to respond to a subject access request within the legal time limit. And the Liberal Democrats failed to explain where they sourced third-party data to profile individual voters.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"Our clients requested their information from the Parties and were presented with unclear and incomplete responses," said Ravi Naik, a partner at ITN Solicitors, who is representing the ORG's claimants and previously represented an American academic who sued Cambridge Analytica over data abuse.

"We have therefore written to the parties, outlining our clients' concerns about the use of their data. This includes a challenge to the legality of the wider processing activities." 

In response to the pre-action letters, each of the parties told The Guardian that they fully comply with the law; Naik told the newspaper that the ORG was considering "all options" for a next step, including a high court injunction to halt data processing.

To help Brits find out what data the political parties hold about them, ORG has built an automated subject-access request tool, which is available here. Parties have 30 days to comply under law.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021