What Do Political Parties Really Know About You?

This Thursday (1 May 2025), voters will go to the polls in 1,641 council seats across 24 local authorities. You may have spoken to a canvasser, filled out a political survey, or received campaign leaflets — but have you ever stopped to wonder how political parties know where to find you, how likely you are to vote, or even what you care about?

How Political Parties use your data

Behind the scenes, political parties are using sophisticated data systems to profile, segment, and target voters — and many people have little to no idea this is happening.

Five years ago, Open Rights Group published a report called What Do They Know? revealing how political parties were building detailed databases of voter information. In the run-up to last year’s General Election, we revisited this issue — and what we found was even more troubling.

We invited supporters to submit subject access requests (SARs) to political parties, allowing individuals to see what data parties held on them. We have complied a CSV full of some of the data fields we learned about.

This time, we also provided new tools to help people opt out of automated profiling and algorithmic decision-making. In parallel, we carried out a technical audit of canvassing apps used by major parties and published the results in our report, Moral Hazard: Voter Data Privacy and Politics in Election Canvassing Apps.

Here are four lessons we’ve learned.

ONE
Credit agency Experian is embedded in Labour’s voter targeting infrastructure

We uncovered an uncomfortably close relationship between the Labour Party and Experian, a credit referencing agency best known for scoring people’s creditworthiness.

Experian plays a role in hosting or developing key parts of Labour’s canvassing database. Labour’s privacy policy admits that the party collects “demographic data about you from our commercial supplier (Experian),” but provides little detail about the nature of this data or how it’s used.

Subject access requests suggest that Experian’s Mosaic data is used to algorithmically score voters — including, worryingly, assigning a score for a person’s likelihood of being at home during the day.

Credit reference agencies like Experian have extraordinary powers to harvest personal data. Their involvement in electoral profiling raises serious questions about data separation and accountability.

We believe the Information Commissioner’s Office (ICO) should investigate how data flows between Experian and political parties, and whether such relationships breach the principles of data protection law.

TWO
Political parties are still failing to respect people’s data rights

No political party performed well in handling data access or opt-out requests.

• The Conservatives, though relatively quick to respond, treated requests to opt out of profiling as if they were simply requests to stop receiving marketing emails.

• We had reports from members that the Liberal Democrats claimed they were too busy during the election to respond to some SARs.

• Labour introduced bureaucratic hurdles, questioning the validity of requests submitted through third-party tools — ironically, despite most email addresses also being third-party services.

• Reform UK failed to respond at all, prompting the Good Law Project to take legal action against them.

This isn’t about pointing fingers at one party over another — it’s a systemic failure across the political spectrum. Established parties like Labour and the Conservatives are just as culpable as newer entrants like Reform UK or the Workers Party of Britain. The underlying problem is that compliance isn’t prioritised in political campaigning — funding and staffing go to ads and outreach, not rights and transparency.

Most parties offer some ability to opt out of direct marketing, but none are prepared to honour opt-outs from automated profiling. That’s concerning, because some voters may want to hear from candidates — but not be profiled or scored based on commercially available data.

If political parties want to earn the trust of privacy-conscious voters, they need to take these rights seriously.

THREE
Profiling by race has declined — but class-based targeting remains widespread

When we first looked at voter profiling in the late 2010s, it wasn’t unusual to find parties making assumptions about race, religion, and ethnicity. The Liberal Democrats analysed surnames to predict ethnic origin. Labour used Experian’s “Mosaic Origins” data field. The Conservatives had a “Mysticism” field to guess someone’s religion.

Our most recent SAR data shows fewer signs of this kind of profiling — a welcome shift. But class-based targeting remains widespread. However the Conservatives were still using a ‘mother tongue’ field which could be used as a proxy for race and cultural profiling.

Voters are still being profiled based on wealth and income indicators, often sourced from third-party commercial datasets. Parties routinely use marked registers — which show who has voted in past elections — to estimate a person’s likelihood to vote.

Together, these tools can lead to a troubling outcome: if parties believe certain people are unlikely to vote, they’re less likely to contact them. And those people, in turn, become even more disengaged.

It creates a vicious cycle of disenfranchisement — especially for those from lower-income or precarious backgrounds.

The use of credit data (again, often via Experian) can exacerbate these issues, as debt history and postcode data are used to profile voting behaviour.

Politicians should remember: ignoring voters who don’t vote might backfire — especially when a new party comes along with a message that resonates with those left out.

FOUR
Canvassing apps: security flaws and lack of transparency

Our Moral Hazard report revealed major privacy and security concerns in the canvassing apps used by political parties:

• Labour’s web-based Reach, Doorstep and Contact Creator apps were found to be integrated with infrastructure owned by Experian. It’s unclear how data was shared and processed between the two entities.

• Static Application Security Testing analysis of the Liberal Democrats’ MiniVan App found it was deployed on infrastructure with a history of known vulnerabilities.

• The Conservatives’ Share2Win app raised privacy concerns including potential location tracking.

• All parties appear to be reliant on international commercial entities to run key parts of their digital campaigning infrastructure.

The lack of transparency over these tools — and how data is being stored, shared, or secured — raises serious questions about voter privacy and legality. We believe the ICO must investigate these tools as part of a broader inquiry into the data ecosystems underpinning modern campaigning.

Time for Political Data Reform

Our investigations show that voter data rights are still not being respected — by any political party.

Political parties collect vast amounts of personal data to drive increasingly precise and opaque targeting. But the systems they use are poorly regulated, frequently intrusive, and not subject to meaningful oversight.

If democracy is to be fair, voters must have the right to understand, challenge, and opt out of how they’re being profiled. We need:

• Stronger enforcement by the ICO.

• Greater transparency from political parties.

• Tools and rights that put power back in the hands of voters.

• Funding for parties to get compliance issues right.

As voters head the polls in local elections, we urge parties to clean up their data practices — and we urge voters to ask: What do they know about me? And what are they doing with it?

Data and Democracy

Data and Democracy

Find Out More