UK policy makers have been urged to implement tighter rules around how digital ads can be used in elections, while Facebook is set for more scrutiny from European regulators.
Those are two key takeaways from the British Information Commissioner’s investigation into the role of data analytics in elections.
Launched in May 2017, the investigation took a high profile turn in March this year when it was revealed the data of 87 million Facebook users was improperly harvested and some of it used by Cambridge Analytica to target voters during the 2016 USA Presidential campaign.
- Leadership Webinar: Which-50’s 2019 Outlook and Business Transformation Drivers webinar is set for November 27. Register today!
The massive investigation is still ongoing (the commission says it’s working through 700 terabytes of data — the equivalent of 52 billion pages) but a 113-page report presented to UK Parliament overnight details the findings and enforceable actions undertaken so far.
The British watchdog has already fined Facebook £500,000 — the maximum penalty under laws that preceded the introduction of GDPR — for failing to keep users’ information safe. And it has deemed Facebook’s advertising operations warrant further investigation.
“We have referred our ongoing concerns about Facebook’s targeting functions and techniques used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices to the Irish Data Protection Commission, the lead supervisory authority for Facebook under the General Data Protection Regulation (GDPR),” the report states.
While voluntary actions of social media platforms are “welcome” the commission is pushing for a regulatory response.
More broadly, the investigation has concerns about the role of algorithms and profiling in the democratic process.
“Throughout our enquiries we found a disturbing disregard for voters’ personal privacy by players across the political campaigning ecosystem — from data companies and data brokers to social media platforms, campaign groups and political parties,” writes Elizabeth Denham, the UK information commissioner.
Denham urged the UK government to consider where there are regulatory gaps in the current data protection rules as they relates to the electoral law landscape.
The Information Commissioner is also soliciting views for a code of practice covering the use of data in campaigns and elections, to stamp out shady practices and simplify the rules to ensure analytics is used as a legitimate tool in campaigns and elections.
The report also takes aim at data brokers and the practice of “purchasing marketing lists and lifestyle information from data brokers without sufficient due diligence around how the data has been gathered”.
“During the course of our investigation, we found that some political parties had purchased datasets of personal data from data brokers and used this for election and campaign purposes, but had failed to obtain lawful consent for political parties to use those lists in this way. For example, the brokers had not explained who the data would be sold to or how it would be used when it was gathered,” the report states.