Open Rights Group

Home Blog We need political accountability more than ever- and the ICO can lead the way

Data and Democracy

24 Mar 2020 Pascal Crowe

We need political accountability more than ever- and the ICO can lead the way

We are living in an unprecedented historical moment. Although public health is everyone’s first priority, we are seeing a worrying encroachment on civil liberties by the UK government. The Covid-19 Bill gives extraordinary powers to the police and intelligence services. As a result, ORG’s work of defending human rights online is possibly of more consequence than it ever has been before. 

ORG’s Data Subject Access Request research (forthcoming), has shown the extent of personal data collection by political parties in the UK which predates the current crisis. However the legal basis for them to collect information about individuals, such as their spending habits, address, and social media activity, is considerably more shaky. 

To process your personal data, organisations must rely on one or more lawful bases. These are generally limited by the kind of organisation in question. Most people might assume that political parties rely on the informed consent for citizens to process their data: after all, that is how they get elected! Instead, they tend to rely on three lawful bases: Legitimate interest, public interest, and substantial public interest. It’s the latter two that ORG takes particular issue with. 

The public interest test is invoked when any personal data is processed by a political party. There is a specific provision for what counts as ‘public interest’ for political parties : in this case when processing personal data is  “necessary” for “an activity that supports or promotes democratic engagement”.

However, when processing information such as political opinion or sexuality (known as special category data), there is a higher threshold – the substantial public interest test. For this to be met, data processing must again be “necessary” for“the purposes of the person’s or organisation’s political activities”. In short, this means if processing an individual’s political opinion is not necessary for political parties’ political activities, then it is unlawful. 

Both of these tests have over time become known as “exemptions” or “exceptions” for the political parties. However the parties by and large reject this characterisation. For example Labour, in its written evidence to the House of Lord’s Democracy and Digital Technologies Committee stated that “It is not… the case that the current statutory provisions provide an “exception” for political parties.” The Conservatives said much the same.

It is true that the law does not provide carte-blanche “exceptions” for political parties to use all sorts of personal data without consent. But the political parties interpret their lawful bases so broadly, that they have been used as exemptions in practice. The key issue for the political parties is that in both lawful bases, the word “necessary” is doing a lot of heavy lifting. Both DPA guidance, and the ICO itself, have said that “ you do not have a lawful basis for processing if there is another reasonable and less intrusive way to achieve the same result”. The processing must be more than useful, standard practice; it must be targeted and proportionate, for a specific purpose.

Our current legal action against the political parties limits what I can say on this specifically. But most reasonable people will understand this: 

  • Attempting to collect data on every registered voter in the UK is not ‘targeted’. 
  • Attempting to get as much personal information as is possible on each of those voters is not ‘proportionate’. 
  • Doing this year round, limited only by a party’s financial or data assets, implies that a ‘specific purpose’ is lacking. 

In addition, I question whether the public would so readily conflate “democratic engagement” with trading and grading personal information. The bulk of this activity is to work out who it is worth the political parties spending further resources on to encourage them to vote for them. This means cutting people out of their operations. Electioneering and democratic engagement are not the same thing. 

The claim that mass data collection is “necessary” for democratic engagement or political activities is false. There are several routes by which this can be proved. The simplest: the ICO could clarify the position of the law and offer strict- ideally binding by statute- guidance to political parties about what constitutes necessity here. Indeed the ICO stated they think political parties have overstepped the line during their recent evidence to the Fairvote APPG.

They should now go further and offer clear, detailed, firm guidance to political parties about what level of data processing is really necessary for a functioning democracy. 

Read more about the Data and Democracy campaign

Related Blogs

Data and Democracy

22 Apr 2024 By Mariano delli Santi

The DPDI Bill Threatens the Integrity of the UK General Election
In our latest briefing, Open Rights Group raises the alarm over changes in the Data Protection and Digital Information Bill (DPDI Bill) that could open the floodgate for the abuse of data analytics and new technologies for electoral manipulation.
Find Out More

Data and Democracy

22 Jan 2021 By Matthew Rice

ORG Takes Political Parties to Privacy Watchdog
On 11 December 2020, the eve of the anniversary of the 2019 General Election Open Rights Group submitted complaints, represented by the data rights firm AWO, to the Information Commissioner’s Office on behalf of data subjects on the processing of personal data by the Labour Party, the Conservative and Unionist Party and the Liberal Democrats.
Find Out More

Data and Democracy

07 Apr 2020 By Pascal Crowe

Democracy and Covid-19
The Covid 19 epidemic has disrupted our economic and social life unlike anything seen in peacetime.
Find Out More

Data and Democracy

31 Mar 2020 By Pascal Crowe

Imprints: who’s responsible?
Many proposed electoral reforms are highly contested.
Find Out More

Data and Democracy

31 Jan 2020 By Pascal Crowe

APPG on Electoral Campaigning Transparency adopt ORG reforms
Last summer, Open Rights Group gave oral evidence to the All Party Parliamentary Group (APPG) on Electoral Campaigning Transparency.
Find Out More

Data and Democracy

09 Dec 2019 By Amy Shepherd

Profiling, Political opinions, and Data Protection – The Legal Background
We’re campaigning to stop political parties abusing personal data in their rush to try and win elections.
Find Out More

Data and Democracy

02 Sep 2019 By Pascal Crowe

Out for the count : the £9 million white elephant in London’s next election
Electronic counting in London – the subject of criticism from the Electoral Commission and Open Rights Group for many years – is now spiralling in cost.
Find Out More

Data and Democracy

28 Jun 2019 By Pascal Crowe

Hunting for a solution? If it ain’t broke, don’t fix it
It seems apt that it was at this week’s ‘digital hustings’ for the Conservative Party leadership that Jeremy Hunt unilaterally came out in favour of online voting.
Find Out More