It was back in May 2017 when the ICO first started looking at the use of “big data” within politics, when it formally announced it will be opening a formal investigation into the use of data for political purposes on the back of the Cambridge Analytica/Facebook scandal.
Since then the ICO has investigated and taken action against a number of high profile organisations including Facebook (fined £500m last month) and SCL (the company behind Cambridge Analytica).
And this week, the ICO has issued a report to Parliament bringing their investigation and findings up to date:
We intended our investigation to be comprehensive and forensic. We have identified 71 witnesses of interest, 5 reviewed the practices of 30 organisations and are working through 700 terabytes – the equivalent of 52 billion pages – of data.
We have uncovered a disturbing disregard for voters’ personal privacy. Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.
The ICO say the investigation has become “the largest investigation of its type by any Data Protection Authority”.
In terms of action the report highlights the action taken to date, indicates that it is considering potential criminal offences, and have focused on:
- Failures to comply with data protection principles
- Failures to comply with PECR
- The relationship between GDPR and the (old) Data Protection Act 1998
- Offences under the (new) Data Protection Act 2018 relating to obtaining and disclosing (including selling) personal data without appropriate consent
As well as the report the ICO have also launched a “call for views” on proposals for a Code of Practice for the use of personal information in political campaigns. They have the ability under GDPR to produce such Codes as they wish and this call for views is essentially asking political parties, campaign groups, electoral candidates, data brokers and anyone else involved in data relating to politics, for their opinions on their approach, the creation of the Code and what the Code might look like. Responses are being taken, online, until Friday 21st December 2018.
Providing cost-effective, simple to understand and practical GDPR and ePrivacy advice and guidance, via my one-stop-shop helpline. I ❤️ GDPR