Colin Bennett is a professor in the department of political science at the University of Victoria and researches the privacy implications of new technologies in the democratic process.
In the run-up to the 2019 federal election, there needs to be far more transparency about how personal data is captured, processed, mined, communicated and profiled by our main political parties. And we need to have a far more open debate about whether these practices are healthy for our democracy.
Politicians have got it into their heads that they can win elections if they only have more finely grained data on the electorate than their opponents. In closely fought elections, where the margin of victory can be small, the incentive to get better data to personalize communication with voters is huge.
All parties are obviously very reluctant to reveal their voter analysis techniques. They have not accepted the proposition that they should be subject to Canada’s privacy laws, and the jurisdiction of the privacy commissioner. Nor do they want to restrict what they can do with personal data – it would be like unilateral disarmament. Data-driven elections in Canada has have been mired in an obsessive secrecy.
The government perpetuated this situation by resisting further regulation of political parties in its Elections Modernization Act (C-76), which contains nothing more than a few weak provisions requiring parties to submit privacy codes with Elections Canada, and containing no enforceable rights, or powers of oversight for any regulator.
Not so in Britain, where parties have to abide by the new General Data Protection Regulation (GDPR) and are subject to the jurisdiction of the Office of the Information Commissioner (ICO).
In the recent report, Democracy Disrupted? Personal Information and Political Influence, the ICO profiles the complicated network of polling, data analytics, online platforms and behavioural advertising companies that serve the main political parties. For the first time, we get a glimpse into the complex world of voter analytics from a regulator who was able to use her powers to interview participants, to subpoena records where necessary and to bring enforcement actions where appropriate.
We get a picture of the range of personal data captured by political parties, the source of those data, with whom it is shared. British Information Commissioner Elizabeth Denham got an early taste of these issues when she investigated both the NDP and the BC Liberals in her former role as Information and Privacy Commissioner for B.C.
Most of the media attention has been on the intended enforcement actions against Facebook, SCL Elections Ltd., (the parent company of Cambridge Analytica), and against Aggregate IQ, the Victoria-based company that worked for the Vote Leave campaign in the Brexit referendum. The ICO also fined Emma’s Diary, a company that provides advice to women and new parents, that allegedly sold information to the data broker, Experian, then used by the Labour Party to target women living in marginal constituencies.
We also find out how parties can pitch ads through programs such as Facebook’s “Core” “Custom” and “Look-Alike” audience functions. A company called NationBuilder, active in Canadian elections, also comes under scrutiny. This platform enables political parties to match contact information with data on social media platforms to customize voter outreach.
The ICO has issued eleven political parties with warning notices compelling them to submit to a full audit of their data protection practices, and has asked the government to legislate a statutory code of practice on the use of personal data in political campaigns. Ms. Denham has also called for an “ethical pause” to allow the key players to reflect on their responsibilities, and to rebuild trust in the democratic process.
Many of the same practices are also observed in Canadian elections. And much the same conclusions could be drawn about the need for greater transparency, and for a more uniform set of rules.
There are some encouraging developments. The Privacy Commissioner of Canada, in conjunction with B.C.’s Information and Privacy Commissioner, is investigating Facebook and Aggregate IQ. The B.C. Commissioner is conducting his own analysis of the operation of the province’s political parties. And the recent investigations of the House of Commons Standing Committee on Access to Information, Privacy and Ethics (ETHI) led to a recommendation to “subject political activities to laws that protect Canadians’ privacy.”
This issue is not solely about privacy and the intrusiveness of communications, it is about the health of contemporary democracy. The misuse, if not illegal processing, of personal data in contravention of modern privacy protection norms can influence electoral outcomes – from the Brexit referendum, to the Trump election and increasingly in developing countries like Nigeria and Kenya.
“Data crimes are real crimes” stated Elizabeth Denham in a soundbite that reminds us of the huge stakes in the misuse of personal information in data-driven elections.