ORG claims voter profiles are inaccurate and illegal

Open Rights Group demands leading parties stop using claimants data for microtargeting election campaigns

Campaigners are considering suing the three leading political parties for misuse of data, saying they may have breached data protection laws by using information to profile voters.

The Open Rights Group (ORG) has sent pre-action letters to the Conservatives, Labour and the Liberal Democrats just days ahead of the election demanding they stop using the data on three specific claimants and delete any existing profile, adding that they would like clarity about how the data was used and from where it was sourced.

Advertisement - Article continues below

The potential legal action centres on the use of personal data to create profiles on voters to focus campaigning efforts. According to ORG, political parties are buying data from sources such as data broker Experian, which creates and maintains profiles for credit checks, in order to score voters on their likeliness of voting one way or another, labelling individuals as "metropolitan elite" or "soft Tory".

Pascal Crowe, data and democracy project officer at ORG, said such activity may not be legal, could be damaging to democracy, and likely aren't even accurate.

"Faith in democratic outcomes rests on a shared democratic process and profiling voters to create micro-targeted audiences undermines that," he says. "It’s use is even more baffling given that we often don’t recognise our profiles. They are not even profiling accurately. But political parties are seemingly unquestioning of the authority of numbers. These techniques should not be used to determine political activity and engagement. They are dishonest, inaccurate, and anti-democratic."

Beyond Experian, it's unclear where the data is coming from, though ORG says two of the parties appear to be sourcing email addresses from local election registers and online voter registration tools which the claimants argue is not legal. It's also unclear, the activist group says, who else the parties are sharing the data with, such as campaign consultancies.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The legal letters are non-partisan, the ORG stressed, noting that each party's behaviour raised different questions. The Conservative Party used names and addresses to guess one claimant's age, without consent or explanation as to why. The Labour Party scored individuals via personal data using a system that was "unintelligible", and failed to respond to a subject access request within the legal time limit. And the Liberal Democrats failed to explain where they sourced third-party data to profile individual voters.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"Our clients requested their information from the Parties and were presented with unclear and incomplete responses," said Ravi Naik, a partner at ITN Solicitors, who is representing the ORG's claimants and previously represented an American academic who sued Cambridge Analytica over data abuse.

"We have therefore written to the parties, outlining our clients' concerns about the use of their data. This includes a challenge to the legality of the wider processing activities." 

Advertisement - Article continues below

In response to the pre-action letters, each of the parties told The Guardian that they fully comply with the law; Naik told the newspaper that the ORG was considering "all options" for a next step, including a high court injunction to halt data processing.

To help Brits find out what data the political parties hold about them, ORG has built an automated subject-access request tool, which is available here. Parties have 30 days to comply under law.

Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/security/privacy/355211/google-releases-location-data-to-showcase-effectiveness-of-coronavirus
privacy

Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

2 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020