top of page
Search

Political Micro-targeting and the ‘who’s going to vote who’ dilemma: UK data protection perspective

Updated: Aug 4, 2021


In the UK, political parties are allowed to process data without consent under Article 6 (1e) of the General Data Protection Directive (GDPR) under ‘public interest’ as it ‘promotes and supports democratic engagement. However, this can lead to political parties manipulating the data obtained and spreading disinformation through deep-fake videos eventually affecting the rights of the data subjects (Frederic J. et al., 2018).


Political micro-targeting involves profiling and processing sensitive information that is obtained through data brokers and social media platforms (Anstead, 2017). The famous Cambridge Analytica scandal revealed psychographic profiles of individuals gathered through behavioural targeting by tracking online interactions (likes, dislikes) and ‘cookies’(Cadwalladr and Harrison, 2018) - which is then offered to political parties to target individuals with customized political advertisements (Bennett, 2016). Such US-style databases have been used by three major political parties in the United Kingdom (UK) during the 2015 general elections. The Conservative party adopted US style individual-level micro-targeting and was able to secure a winning position (Anstead, 2017).


The Leave.EU campaign also utilized political micro-targeting. The investigation into the Leave.EU campaign focused on whether the purchasing of data from third parties was lawful and consented to (Denham, 2018). There was no mention that the very act of ‘collecting sensitive data’ from private organisations for political micro-targeting purposes was a cause of concern (Denham, 2018). This is because, in the UK, Recital 56 of the GDPR permits political parties to process personal data revealing political opinions of data subjects during electoral activities of members and former members.


Based on the UK case law, certain things need to be taken into consideration when considering the rights of the data subjects.


Chilling Effects


Firstly, it should be noted that constant behavioural targeting leads to online surveillance. In Digital Rights Ireland, it was stated that ‘constant surveillance’ caused a ‘concerned feeling’ among data subjects and, hence, is not compatible with Article 7- the right to privacy and Article 8- the right to data protection of the Charter of Fundamental Rights (CFR). As political micro-targeting involves behavioural targeting, such constant monitoring of social activity can lead to chilling effects and data subjects are likely to change their online behaviour if they are aware of such constant surveillance (Frederic J. et al., 2018).


This can further be argued. The purpose of political micro-targeting according to the GDPR is to promote democratic engagement. However, when individuals are aware of such targeting and change their online behaviour accordingly, it can be argued that such political micro-targeting does not necessarily help promote ‘democratic engagement’. Political advertisements are only targeted at individuals who fit within the political party’s ‘voters profile’ but such ‘chilling effects’ can lead to the data subject’s changing their online behaviour potentially faking their way into this ‘voter’s profile’. Such constant surveillance and ‘chilling effects’ can lead to the data subject’s not engaging on social media altogether or data subject’s changing their behaviours due to the fear of surveillance, ultimately altering the results expected through such political micro-targeting.


Deep Fake Videos


The use of social media platforms has also increased the spread of deep-fake news and videos (Tiddy and Schraer, 2019). Due to political parties’ right to freedom of expression (Bowman v the United Kingdom, 1995), political advertising is regulated outside ASA ad does not require claims in political campaigns to be truthful (Conway, 2019). As mentioned in Castells v Spain – interference with this right is subject to the ‘closest scrutiny’ due to their importance in a democracy. This leads to the spread of disinformation as deep=fake videos make it look like someone said something when they did not. This creates ‘filter bubbles’ and leads to manipulation (Kertysova, 2018).

On the other hand, the data subject’s not being targeted is being deprived of their right to information about political parties. Individuals are targeted with advertisements according to their psychographic profiles and are manipulated as they only focus on the political topics that they have been targeted with and the ads they have been bombarded with (Kertysova, 2018). This affects the individual’s freedom to receive information (Freedom of Information Act 2000 and Human Rights Act 1988, Article 10) and the freedom of thought and opinion (Human Rights Act 1988, Article 9). The European Member States are also under the obligation to enable ‘free elections’, which is also affected as people’s opinion in the choice of the legislature is manipulated as candidates - ‘know who people will vote before they vote’ (Bennet, 2015).

This is unethical especially in the course of ‘promoting democratic engagement’. It should be noted that political micro-targeting on social media does promote democratic engagement (Feiner, 2018). However, it is also essential that proportionality exists between the rights of the data subjects and rights of political parties and what is considered in ‘public interest’.


Profiling


Behavioural targeting involves profiling. Behaviour targeting is based on the customer’s web insights and links which is then used to create a profile of an individual to send targeted advertisements. The gathering of such data from various third party organisations’ can lead to the revelation of the content data of an individual (SightCorp, 2021). Political parties in the UK do not require consent to process such sensitive information as under Article 8(e) Data Protection Act it is in ‘public interest’ to do so. However, political micro-targeting involves profiling and under Article 22 GDPR requires ‘explicit consent'. The ICO stated that collecting such data was permitted as a ‘contractual relationship’ existed between American International Group (AIG) and Leave.EU (Denham, 2018). However, even though consent is given to the data broker, there is no knowledge that the data is being processed by political parties to reveal further sensitive information and is not fair and transparent as required under Recital 60 and Article 7 GDPR.


The essence of the right to privacy and data protection


Second, it can be argued that the essence of the right to privacy and data protection is affected. In, Digital Rights Ireland, the CJEU concluded that the essence of the right to privacy and data protection is not affected since the Directive did not require the acquisition of content data. However, there is no guidance on whether this ‘personal data obtained is restricted to the electoral roll or on ‘regular contact’ and could mean anything-from attending a meeting together or even following and liking pictures of a candidate on social media (Bennett, 2016). Behavioural targeting requires the acquisition of content to create psychographic profiles and goes beyond just the electoral roll.


In Schrems, it was stated that since no legal remedies are available to the data subjects, the very essence of the right to private life and the right to data protection was affected. Therefore, it can be argued that political micro-targeting can affect the essence of the right to private life and data protection as the lack of transparency on consent does not provide the individual with the right to withdraw consent, the right to rectification and the right to erasure. Consent for political micro-targeting is not directly obtained through the political parties. In Planet 49 it was stated that different purposes should not be bundled under the same consent asked. Therefore, it can be said that political micro-targeting, based on UK case law, can breach the very essence of the right to privacy and data protection.


Therefore, based on previous case law and the GDPR, political micro-targeting does not comply with the GDPR and the data subject’s rights as it can lead to manipulation and spread of disinformation through deep-fake news in the name of ‘promoting democratic engagement’(Chesney and Citron, 2018). The data subject’s right to receive information, right to data protection, right to privacy and right to thought and opinion is affected based on political parties’ right to freedom of expression and democratic engagement.














Cases


Case C- 70/10 Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM) [2011] ECR I-11959


Case C-360/10 Belgische Vereniging van Auteurs, Componisten


en Uitgevers CVBA (SABAM) v Netlog NV [2012] C-360/10 [2012] 1 All ER (ECJ)


Case C-362/14 Maximillian Schrems v Data Protection Commissioner [2015] 650 ECLI


Case C-673/17 Bundesverband der Verbraucherzentralen und Verbraucherverbande – Verbraucherzentrale Bundesverband eV v Planet49 GmbH [2019] 9 WLUK 540 [2020] 1 CMLR 5


Animal Defenders International v. UK App No 48876/08 (ECHR, 22 April 2013) [117]


Bowman v United Kingdom (1995) 26 EHRR 1



Castells v Spain App No 11798/85 (ECHR, 23 April 1992)


Delfi AS v Estonia App No 64569/09 [2015]


Einarsson v. Iceland App No. 10692/09, 24703/15) (ECHR, 7 November 2017)


Google Spain v Agencia Espanola de Proteccion de Datos (AEPD) [2014] EU:C 317 (Q.B.) 1022 [50]


Joined Cases C-293/12 and C-594/12 Digital Rights Ireland Ltd. v. Minister for Communications, Marine and Natural Resources and Kärntner Landesregierung and Others [2014] 238 ECLI


L’Oreal SA v Ebay International AG [2011] ECJ C-324/09, [2011] ECR I-6011



Magyar Jeti Zrt v. Hungary App No 11257/16 (4 December, 2018)


Mariya Alekhina and Others v. Russia App No 38004/12 (17 July, 2018)


TV Vest As & Rogaland Pensjonistparti v. Norway App No. 21132/05 (ECHR, 11 December 2008)


Statutes


Communications Act 2003, s321


Data Protection Act, Article 8(1.e)




Freedom of Information Act 2000


Human Rights Act 1988, Article 3 Protocol 1


Human Rights Act 1988, Article 9


Human Rights Act 1988, Article 10


EU Legislation


Charter of Fundamental Rights of the European Union [2012] OJ C 326/02 Article 7



Charter of Fundamental Rights of the European Union [2012] OJ C 326/02 Article 8


Charter of Fundamental Rights of the European Union [2012] OJ C 326/02 Article 11


Directive 2000/31/EC of the European Parliament on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on Electronic Commerce) [2000] OJL 178, Article 15


Directive 2000/31/EC of the European Parliament on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on Electronic Commerce) [2000] OJL 178, Article 5 (3)




Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJL 119, Article 22,


Regulation (EU) 2016/679 of the European Parliament and of the C


ouncil of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJL 119, Recital 56


Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJL 119, Recital 60


Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of p


ersonal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJL 119, Article 4



Journal Articles


Bobby Chesney and Danielle Citron ‘A Looming Challenge for Privacy, Democracy, and National Security’ [2018] 107 California Law Review 1753




Online Journals


Colin J Bennett ‘Voter Databases, Micro-targeting and Data Protection Law: Can political parties campaign in Europe as they do in North America?’ [2016] 7(1) International Data Privacy Law < https://academic.oup.com/idpl/article/6/4/261/2567747> accessed: 24 February 2021


Elizabeth Denham ‘The Investigation into the use of data analytics in political campaigns’ [2018] ICO < https://ico.org.uk/media/action-weve-taken/2260271/investigation-into-the-use-of-data-analytics-in-political-campaigns-final-20181105.pdf> accessed: 26 June 2021


Frederik J. Zuiderveen Borgesius, Judith Möller, Sanne Kruikemeier, Ronan Ó Fathaigh, Kristina Irion, Tom Dobber, Balazs Bodo and Claes de Vreese


‘Online Political Micro-targeting: Promises and Threats for Democracy’ [2018] Utrecht Law Review < https://www.utrechtlawreview.org/articles/abstract/10.18352/ulr.420/> accessed: 21 June 2021


Katarina Kertysova ‘Artificial Intelligence and Disinformation’ [2018] 29 Security and Human Rights < https://brill.com/downloadpdf/journals/shrs/29/1-4/article-p55_55.pdf> accessed: 27 June 2021


Nick Anstead ‘Data-driven campaigning in the 2015 UK general elections’ [2017] The International Journal of Press/Politics <http://eprints.lse.ac.uk/72066/1/Anstead_Data-driven%20campaigning_2017.pdf> accessed: 27 June 2021



Websites and Blogs



Carole Cadwalladr and Emma Graham Harrison ‘Revealed: 50 million Facebook Profiles harvested for Cambridge Analytica’ (The Guardian, 17 March 2018) <https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election> accessed: 21 June 2021


Joe Tiddy and Rachel Schraer ‘General election 2019: Ads are


indecent, dishonest and untruthful’ (BBC News, 17 December 2019) < https://www.bbc.co.uk/news/technology-50726500> accessed: 21 June 2021


Sight Corp [2021] ‘Behavioral Targeting’ [online] Available at: https://sightcorp.com/knowledge-base/behavioral-targeting/ (Accessed: 12 July, 2021)



Lauren Feiner ‘How Google, Apple, Facebook and other tech companies are getting out the vote on Election day’ (CNBC, 6 November 2018) <




Lorraine Conway ‘Who regulates political advertising?’ (House of Commons Library, 2019) <https://commonslibrary.parliament.uk/insights/who-regulates-political-advertising/> accessed: 27 June 2021


43 views0 comments

Recent Posts

See All

Comments


bottom of page