The Personal Data Being Used To Get Your Vote

The pace of digital innovation has had a big impact on everyday life and that includes our relationship with the democratic process -  everything from your phone number to your approximate salary and home address is collected and traded by political campaigns and consultants. Whether we are sharing our views with others or registering to vote, the starting point for our political engagement these days is often digital. 
 
All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates, but how much do political parties know about you - and how is it used to try to sway your vote?
 
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now a Report from the UK’s Information Commissioner’s Office (ICO) has focused on the relationship between data brokers and the politicians here.
 
Should We Be Concerned?
 
The ICO report has found that even limited information can be used in surprising ways.  For example, buying someone's name can lead to making guesses about their income, number of children and ethnicity, which is then used to tailor a political message for them. The report suggests that the British Conservative Party is doing just that, using so-called "onomastic data", whicht is information derived from the study of people's names which could identify their ethnic origin or religion. It has done that for 10 million voters, most of whom will be unaware of exactly how their information is being used.
 
Political parties can legitimately hold personal data on individuals to help them campaign more effectively. But sophisticated data analytics software can now combine information about individuals from multiple sources to find more about their voting characteristics and interests - something that many people might find disturbing. 
 
How Do Political Parties Get Personal Data ?
 
The Electoral Register forms "the spine" of data sources, according to PI, but beyond that it is surprisingly difficult to work out what the parties use one thisng that has become clearer is the role of data brokers. Both the Conservatives and the Labour Party make use of a product from Experian called Mosaic, according to the Open Rights Group (ORG), which describes Experian as being a "one-stop shop for data used in political profiling". 
 
Experian is better known as a credit rating agency, but it also acts as a data broker, along with others such as Equifax and Transunion.They collect data themselves or, in some cases, buy it from other companies, such as a credit card company. They then sell it on to advertisers, or, in this case, to political parties.
 
A two-year investigation by the ICO found that millions of adults in the UK had had their data processed by Experian. The ICO recommended a long list of improvements the company needed to make in order to comply with the EU-wide GDPR law on data privacy.
 
What About The Political Parties?
 
The BBC asked the Conservative, Labour and the Liberal Democrat parties how they use data and where they receive it from. None have replied. The ORG conducted its own investigation and as part of its research it asked people to request all data political parties held on them, something known as a Data Subject Access Request.  There were not many responses but the limited information found included: 
 
  • The Labour party had compiled up to 100 pages of data per individuals, broken down into over 80 categories
  • The Liberal Democrat party attempted to guess the number of families in a home, and an individual's age based on name
  • The Conservative party attempted to estimate how likely an individual was to read and enjoy the Daily Mail, as well as guessing income
 
All the parties were asked whether they used data broker services in the 2019 election, but only the Liberal Democrats confirmed they did not, stating they felt it would not be compliant with the GDPR privacy law. The Labour Party did not reply while the Conservatives said that they did purchase commercially available data, but did not say what they did with it. 
 
Much of the use of personal data by political parties is done under the banner of democratic engagement, which is used to justify a wide range of profiling activities.
 
What Is To Be Done?
 
The ICO says political parties need to be much clearer about how they intend to use personal data. But the Open Rights Group thinks it needs much tougher action. "If it does not crack down, there is no incentive for better behaviour," it said. One of the obvious ways would be to allow voters the ability to refuse the sharing of their data between a political party and a third party, such as a data broker.
 
GDPR stipulates that individuals should know exactly how their data is being used and agree to that. Given how campaigns are now conducted online, the focus should be on how we can shed light on online advertising, on party funding, spending in the digital world, and on the role tech companies play in this ecosystem and how they and politics is using our data.
 
Information Commissioner's Office UK:        CNet:         BBC:     Electoral Reform Society UK:      Yahoo Finance:
 
You Might Also Read:
 
Voter Data Being Used To Disrupt US Election:
 
« Ethiopian Telecoms System Has Critical Security Flaws
Insider Security Risk Soars During Lockdown »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Cybots

Cybots

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

nexSecurity

nexSecurity

neXSecurity is an IT and Information security consulting company with more than 2 decades worth of software development and security experience.

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce has partnered with Purdue University and Carnegie Mellon University to create the Rolls-Royce Cybersecurity Technology Research Network.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.