The Personal Data Being Used To Get Your Vote

The pace of digital innovation has had a big impact on everyday life and that includes our relationship with the democratic process -  everything from your phone number to your approximate salary and home address is collected and traded by political campaigns and consultants. Whether we are sharing our views with others or registering to vote, the starting point for our political engagement these days is often digital. 
 
All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates, but how much do political parties know about you - and how is it used to try to sway your vote?
 
The Cambridge Analytica scandal threw light on how the Facebook data of millions was harvested and turned into a messaging tool. The revelations were criticised far and wide by politicians of all stripes. But now a Report from the UK’s Information Commissioner’s Office (ICO) has focused on the relationship between data brokers and the politicians here.
 
Should We Be Concerned?
 
The ICO report has found that even limited information can be used in surprising ways.  For example, buying someone's name can lead to making guesses about their income, number of children and ethnicity, which is then used to tailor a political message for them. The report suggests that the British Conservative Party is doing just that, using so-called "onomastic data", whicht is information derived from the study of people's names which could identify their ethnic origin or religion. It has done that for 10 million voters, most of whom will be unaware of exactly how their information is being used.
 
Political parties can legitimately hold personal data on individuals to help them campaign more effectively. But sophisticated data analytics software can now combine information about individuals from multiple sources to find more about their voting characteristics and interests - something that many people might find disturbing. 
 
How Do Political Parties Get Personal Data ?
 
The Electoral Register forms "the spine" of data sources, according to PI, but beyond that it is surprisingly difficult to work out what the parties use one thisng that has become clearer is the role of data brokers. Both the Conservatives and the Labour Party make use of a product from Experian called Mosaic, according to the Open Rights Group (ORG), which describes Experian as being a "one-stop shop for data used in political profiling". 
 
Experian is better known as a credit rating agency, but it also acts as a data broker, along with others such as Equifax and Transunion.They collect data themselves or, in some cases, buy it from other companies, such as a credit card company. They then sell it on to advertisers, or, in this case, to political parties.
 
A two-year investigation by the ICO found that millions of adults in the UK had had their data processed by Experian. The ICO recommended a long list of improvements the company needed to make in order to comply with the EU-wide GDPR law on data privacy.
 
What About The Political Parties?
 
The BBC asked the Conservative, Labour and the Liberal Democrat parties how they use data and where they receive it from. None have replied. The ORG conducted its own investigation and as part of its research it asked people to request all data political parties held on them, something known as a Data Subject Access Request.  There were not many responses but the limited information found included: 
 
  • The Labour party had compiled up to 100 pages of data per individuals, broken down into over 80 categories
  • The Liberal Democrat party attempted to guess the number of families in a home, and an individual's age based on name
  • The Conservative party attempted to estimate how likely an individual was to read and enjoy the Daily Mail, as well as guessing income
 
All the parties were asked whether they used data broker services in the 2019 election, but only the Liberal Democrats confirmed they did not, stating they felt it would not be compliant with the GDPR privacy law. The Labour Party did not reply while the Conservatives said that they did purchase commercially available data, but did not say what they did with it. 
 
Much of the use of personal data by political parties is done under the banner of democratic engagement, which is used to justify a wide range of profiling activities.
 
What Is To Be Done?
 
The ICO says political parties need to be much clearer about how they intend to use personal data. But the Open Rights Group thinks it needs much tougher action. "If it does not crack down, there is no incentive for better behaviour," it said. One of the obvious ways would be to allow voters the ability to refuse the sharing of their data between a political party and a third party, such as a data broker.
 
GDPR stipulates that individuals should know exactly how their data is being used and agree to that. Given how campaigns are now conducted online, the focus should be on how we can shed light on online advertising, on party funding, spending in the digital world, and on the role tech companies play in this ecosystem and how they and politics is using our data.
 
Information Commissioner's Office UK:        CNet:         BBC:     Electoral Reform Society UK:      Yahoo Finance:
 
You Might Also Read:
 
Voter Data Being Used To Disrupt US Election:
 
« Ethiopian Telecoms System Has Critical Security Flaws
Insider Security Risk Soars During Lockdown »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Option3

Option3

Option3 (formerly Option3Ventures - O3V) primarily seek control investments in the growing cybersecurity mid-market, seeking to build champions with the scale to bring cutting-edge products to market.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

VENZA

VENZA

VENZA is a data protection company that can help organisations mitigate their vulnerabilities and ensure compliance, keeping guests and their data safe from breaches.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.