GDPR and political parties
Mehreen Khan wrote recently in the Financial Times about how the European Commission is cracking down on European political groups profiting from voter data collection. Meaning, um? That they don’t want European parties to collect voter data and then sell it on to the highest bidder for a Cambridge Analytica-style voter targeting exercise? Or, that they don’t want European parties to buy data from data vendors of nefarious character and then use it to target voters? GDPR is now, as ever, a fraught and confusing space.
Helpfully, the EU justice commissioner Vera Jourova explains, “We have to come closer to how political campaigning works in the offline world for the online world”. But how does political campaigning work in the “offline world” that is so compliant with GDPR?
The dangers of voter data
We recently spoke with a national parliamentarian who boasted of his excellent system of data capture using voter canvassing cards. He uses them to get voters to fill out their contact information when he meets them face-to-face and he also takes the opportunity to capture their voting intentions. These canvassing cards presumably end up in the back seat of the car, or in a pile on the desk of the constituency office. No matter, it’s not like he has any obligation to safeguard this personally identifiable and sensitive data!
'Consent' in gathering voter data
The reality is that best-practice around data protection in political campaigning and constituency management is woefully underdeveloped. Political parties don’t seem to realise yet that 2018 represents Year Zero when it comes to voter data and that they need to begin to build those voter databases from the ground up starting today. This rebuilding is going to have to be done in two ways. Firstly, any existing voter data that is held on voters will need to be anonymised and packaged into geographic parcels so that they can be used to understand the overall demographic data of an area and have a sense of voting intention, etc. And on the other hand, any voter data that is collected from now on - that is personally identifiable - will need to be captured using ‘consent’ as its basis. This means getting an e-signature from the voter when talking to them face-to-face, or using something like an double opt-in system when capturing it online.
The world has changed for political parties post-GDPR and the European Commission is simply pointing out that fact to parties and politicians. With the European Parliament elections around the corner, it will be an interesting few months to see how parties respond to the new reality.
Get GDPR compliant software