ICO Demands Urgent Data Protection Changes from UK Parties

The UK’s data protection commissioner has urged the country’s major political parties to urgently improve their data processing practices amid concerns that many voters do not know how their information is being used.

The Information Commissioner’s Office (ICO) has released a new privacy compliance exam that includes: Conservative Party, Labor Party, Liberal Democrats, Scottish National Party (SNP), Democratic Unionist Party (DUP), Plaid Cymru and the United States Kingdom Independence Party (UKIP).

Serious concerns have been raised that the parties may be breaching the GDPR in several key areas including: use of social media, profiling, accountability, privacy information, and the lawful basis for processing personal data.

Among the numerous recommendations, 70% were classified as “urgent” or “high priority”.

Information Commissioner Elizabeth Denham said that while the ICO recognizes the unique role of parties in a democratic society, they cannot operate above the law.

“Society benefits from political parties that want to stay in touch with the people through better informed voting, better engagement with hard-to-reach groups and the potential for increased engagement in democratic processes,” she added.

“However, the engagement must comply with the legal obligations, especially if there is a risk of a significant invasion of privacy. All political parties must use personal data in a transparent, human-understood, and lawful manner in order to maintain voter confidence. “

The ICO’s recommendations include asking parties to provide clear information in privacy notices about how voters’ data will be used and to be clear if they are using profiling techniques that combine information from different sources, especially if they are be done through social media.

The parties must also demonstrate how they protect human rights and ensure that contractors and suppliers comply with data protection laws. Finally, they need to review their legal basis for the different types of processing of personal data to ensure that the most appropriate basis is used.

Recent articles

Crypto exchanges struggle as El Salvador adopts Bitcoin

Today, Bitcoin is becoming an official currency in El Salvador, and the markets and crypto exchanges seem to be struggling. On...

Schools are back – and time to comply with the ICO’s Age Appropriate Design Code

As of September 2, 2021, the United Kingdom's Information Commissioner's Office ("ICO") expects organizations to use their Age Appropriate Design Code ("AADC"). The...

the ICO wants input on when personal data goes international

You don't have to be a data-focused IT service provider to realize that the UK was lucky enough to receive an adequacy decision from...