ORG claims voter profiles are inaccurate and illegal

Open Rights Group demands leading parties stop using claimants data for microtargeting election campaigns

Campaigners are considering suing the three leading political parties for misuse of data, saying they may have breached data protection laws by using information to profile voters.

The Open Rights Group (ORG) has sent pre-action letters to the Conservatives, Labour and the Liberal Democrats just days ahead of the election demanding they stop using the data on three specific claimants and delete any existing profile, adding that they would like clarity about how the data was used and from where it was sourced.

The potential legal action centres on the use of personal data to create profiles on voters to focus campaigning efforts. According to ORG, political parties are buying data from sources such as data broker Experian, which creates and maintains profiles for credit checks, in order to score voters on their likeliness of voting one way or another, labelling individuals as "metropolitan elite" or "soft Tory".

Pascal Crowe, data and democracy project officer at ORG, said such activity may not be legal, could be damaging to democracy, and likely aren't even accurate.

"Faith in democratic outcomes rests on a shared democratic process and profiling voters to create micro-targeted audiences undermines that," he says. "It’s use is even more baffling given that we often don’t recognise our profiles. They are not even profiling accurately. But political parties are seemingly unquestioning of the authority of numbers. These techniques should not be used to determine political activity and engagement. They are dishonest, inaccurate, and anti-democratic."

Beyond Experian, it's unclear where the data is coming from, though ORG says two of the parties appear to be sourcing email addresses from local election registers and online voter registration tools which the claimants argue is not legal. It's also unclear, the activist group says, who else the parties are sharing the data with, such as campaign consultancies.

The legal letters are non-partisan, the ORG stressed, noting that each party's behaviour raised different questions. The Conservative Party used names and addresses to guess one claimant's age, without consent or explanation as to why. The Labour Party scored individuals via personal data using a system that was "unintelligible", and failed to respond to a subject access request within the legal time limit. And the Liberal Democrats failed to explain where they sourced third-party data to profile individual voters.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"Our clients requested their information from the Parties and were presented with unclear and incomplete responses," said Ravi Naik, a partner at ITN Solicitors, who is representing the ORG's claimants and previously represented an American academic who sued Cambridge Analytica over data abuse.

"We have therefore written to the parties, outlining our clients' concerns about the use of their data. This includes a challenge to the legality of the wider processing activities." 

In response to the pre-action letters, each of the parties told The Guardian that they fully comply with the law; Naik told the newspaper that the ORG was considering "all options" for a next step, including a high court injunction to halt data processing.

To help Brits find out what data the political parties hold about them, ORG has built an automated subject-access request tool, which is available here. Parties have 30 days to comply under law.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020