In all the outrage and column inches generated by DCMS' Disinformation and 'fake news' report campaigners for political office and representatives of political parties have failed to acknowledge one of the most critical actors in personal data and political campaigning: themselves.
The Disinformation and ‘fake news’ report from the House of Commons Digital, Culture, Media and Sport (DCMS) Committee splashed onto front pages, news feeds and timelines on 18 February. And what a response it provoked. Parliamentarians are once again talking tough against the role of big tech in one of the key areas of our life: the democratic process. The custodians of the democratic tradition are vociferously calling time on “out of control” social media platforms and demanding further regulation.
In all the outrage and column inches generated by the report, however, campaigners for political office and representatives of political parties being angrily vocal about platforms and adverts and elections have failed to acknowledge one of the most critical actors in personal data and political campaigning: themselves.
The DCMS report is damning in its critique of platforms’ cavalier approach to data protection, both during election cycles and generally. It hones in on the role of Facebook in the Cambridge Analytica scandal and condemns in scathing remarks Facebook’s business focus on data as a commodity to be wielded for commercial leverage. It expresses disapproval and disappointment and paints a vivid portrait of how platforms presumptively treat our personal data as their property to use, abuse and barter away. The regulatory proposals focus sharply on creating liability for tech companies and subjecting them to a compulsory code of ethics.
Whilst these are all strong outcomes and largely welcomed, to focus on the platforms alone is to focus only on one piece of the puzzle.
The debate over the use of personal data in political campaigns goes far beyond a call on platforms to remove harmful content. Political ads might be ultimately served by online platforms, but the messages themselves and their targets are created and set by political parties, their affiliated campaigning organisations, and, increasingly, data analytic companies on behalf of the parties or campaigners.
Parts of the report comment on the responsibility of political parties and campaigners in electioneering. However, media coverage and commentary has so far limited itself to emphasising the role of social media companies. This is disappointing messaging. The role of the key political actors in using and misusing data is no less significant than that of the platforms, and their culpability needs to be equally subject to critical scrutiny.
The first layer of responsibility that political actors have for data processing is in gathering and storing target audience data. Some audience data will inevitably come from online platforms, but it will often be accompanied by or added to data separately held by parties and campaigners. Increasingly, political parties purchase this data from data brokers, and those transactions are highly questionable to the point arguably of being in breach of data protection standards.
Next, whilst spending on “digital” in election campaigning is increasing, the specificity of what “digital” means is decreasing. Is this just online ad buys? It is data collection? Message development? A bit of both? All of that and some more via third parties? At present, it's nearly impossible to tell where the money is going. Election finance regulations in Britain urgently need to be redrafted with tighter spending and reporting requirements that reflect the contemporary change in where and how advertising money is distributed.
The actors involved in political campaigns are changing too: gone are the days of straightforward political parties and designated campaign organisations. 21st century electioneering involves a shadowy web of non-registered campaigners that can have decisive influence, or at least spend decisive amounts of money, on digitally-targeted and harder to track campaigns. Transparency is sorely lacking in how these campaigners operate, at a significant risk to fair and open democratic processes.
Platform responsibility for data protection and fair election campaigning is important, but the problem doesn’t begin and end with Facebook. A bigger discussion on the responsibility of political parties when it comes to handling personal data is required.
The Data Protection Act 2018 handed political parties wide powers to process personal data if it “promotes democratic engagement” or is part of their “political activities”, including campaigning and fundraising. What this means is unclear. One obvious impact, though, is that parties will no longer have to work so hard to justify their processing of personal data. This sets a worryingly lax data protection standard.
The democratic trust deficit existing in Britain today is not corrected by riding an anti-social-media wave. It begins with admitting that powerful political parties, and their affiliates, have a core responsibility when it comes to the collection, combination and use of personal data in political campaigns.
The DCMS report offers a powerful opportunity to look at data processing in elections through a wide lens and do some vitally needed internal housekeeping. It could be used, as we intend to use it, to publicly cement the duty of parliament and its occupants to uphold data protection standards, go beyond just the letter of the law, and carefully consider whether the same system that is used to sell us shoes and holidays and 10% off vouchers can be used to facilitate open and informed democratic debates.
Open Rights Group is just beginning to work on Data and Democracy, and we expect to find opportunities to raise the above points as the DCMS report continues to be further digested. Other outputs examining this issue are also expected soon. In particular, the Information Commissioner’s Office asked for views late last year on a code of practice for the use of personal information in political campaigns; ORG responded, calling for greater clarity on the new “political” bases for processing sensitive personal data and explaining what is appropriate in terms of targeting political messaging and how electoral roll data should be used. These are topics worthy of discussion and we look forward to seeing ICO guidance in the near future.
The DCMS report is a strongly positive step towards setting new rules for political campaigning. The question we ask is - to whom are these rules going to apply? For fair campaigning and truly democratic data protection, we hope the list comprises more than just tech companies.