Information Commissioner’s Office publishes summaries of its audits of UK political parties

The Information Commissioner’s Office (ICO) has set out how seven of the UK’s political parties need to improve the way they handle people’s personal data after assessing how they manage data protection.

The ICO audited the parties’ data protection compliance following significant concerns about transparency and the use of people’s data in political campaigning that were highlighted in its 2018 report, “Democracy Disrupted?”.

The ICO made recommendations for improvements across all political parties audited, with 70% being classified as urgent or high priority. Among those recommendations were several measures, relating both to the systems in which personal data is used and to the way that the parties safeguard that data, recommended to meet the requirements of accountability.

Key recommendations for the parties include:

  • providing the public with clear information at the outset about how their data will be used;
  • telling individuals when they use intrusive profiling such as combining information about those individuals from several different sources to find out more about their voting characteristics and interests;
  • being transparent when using personal data to profile and then target people with marketing via social media platforms;
  • being able to demonstrate that they are accountable, showing how parties meet their obligations and protect people’s rights;
  • carrying out thorough checks on all contracted and potential processors and third-party suppliers to gain assurances that they comply with the key transparency, security and accountability requirements of data protection law; and
  • reviewing their lawful bases for the different types of processing of personal data used to ensure the most appropriate basis is used.

These are the first data protection audits carried out on political parties and the ICO will be following up by asking the parties to show the changes they have made in response to the audit recommendations. Failure to take the appropriate steps could result in further regulatory action. To read the ICO’s press release in full and for a link to the summaries, click here.