Skip to main content

The British Information Commissioner’s decision to launch an immediate audit of British political parties is fuelling criticism of the fact that Canada’s federal parties work completely outside of the law when it comes to Canadians’ privacy.

This week’s report from Commissioner Elizabeth Denham exposed new details about how political parties are building databases that mix traditional sources with private data from third parties.

For instance, the Labour Party in Britain told the commissioner that its voter database includes information from a company called “Emma’s Diary,” an advice service for pregnant women.

The report also found that all three main parties in Britain are using software that predicts an individual’s ethnicity and age based on their name.

Ms. Denham’s report says parties and their private “data broker” partners need to ensure they are following existing laws related to securing consent from individuals over how information is used.

Canada’s Liberal government has so far resisted calls to end the current exemption political parties have when it comes to privacy legislation. Instead, the government’s latest elections reform bill, C-76, simply requires political parties to have a privacy policy in place.

Daniel Therrien, Canada’s federal Privacy Commissioner, has dismissed that provision as inadequate and proposed amendments to the bill that would give his office the power to audit political parties.

Tobi Cohen, a spokeswoman for Mr. Therrien, said the British report’s concerns about how political parties use information from third-party data brokers is an example of why oversight is needed for Canadian political parties. The report said parties must ensure that such information is gathered with the clear consent of the individuals involved.

“This finding and recommendation supports Commissioner Therrien’s call that federal political parties in Canada should be subject to privacy laws and that their compliance with these laws should be independently verified,” Ms. Cohen said in a statement.

The House of Commons committee on Access to Information, Privacy and Ethics released an all-party report earlier this year that called for privacy laws to apply to political parties.

Conservative MP Peter Kent said the report adds to the pressure Ottawa is facing to enhance the privacy commissioner’s powers in this area.

“They could act very quickly. I’m not confident that they will,” he said.

Nicky Cayer, a spokeswoman for Democratic Institutions Minister Karina Gould, said private companies are already subject to privacy laws in Canada and the government’s elections reform bill “is a large step forward” for improving the transparency of political parties.

“This legislation, if passed, will mean that for the first time, political parties will be subject to privacy regulations at the federal level,” she said in a statement, and added that they are reviewing Mr. Thierren’s proposals.

NDP MP Charlie Angus said Ottawa must also approve tougher rules for companies like Facebook and Google when it comes to elections and the collection of personal information.

“I think this government is just way too comfy cosy with the big data collectors, because they think it serves their political interests, but it’s not serving the interests of Canadian democracy,” he said.

The British commissioner’s report is based on her office’s investigation of how Cambridge Analytica, a political consulting firm, obtained personal data from 87 million Facebook users and used the data in unauthorized ways to target voters in the United States and Britain.

The report also looks at the role played by a small Victoria-based company called AggregateIQ (AIQ), which worked to place ads for the Vote Leave campaign during the 2016 Brexit referendum. The U.K. commissioner’s office said it is continuing to investigate links between AIQ and SCL. AIQ denies working with SCL or Cambridge Analytica on the Brexit campaign.

Ms. Denham announced this week that her office plans to fine Facebook for violating data protection laws and will bar AIQ from handling data belonging to British citizens.

In an email to The Globe and Mail on Wednesday, AIQ chief operating officer Jeff Silvester said the company strongly disputes the commissioner’s conclusions with respect to the company.

“The enforcement order is inconsistent with the communication we have had with the [commissioner], inconsistent with the facts, and inconsistent with the law,” he wrote.

Editor’s note: An earlier version of this story incorrectly stated as an established fact that AggregateIQ worked with Cambridge Analtyica’s parent company, SCL Group, during the 2016 Brexit referendum. AggregateIQ denies working with SCL on the Brexit referendum. The commissioner’s report said the office is continuing to investigate allegations of links between Cambridge Analytica, SCL, AIQ and the UK referendum.

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe