Data breaches, GDPR and the implications for political advertising

With recent data privacy scandals at the forefront of public debate and the implementation of GDPR legislation approaching ever faster, now is a time for data privacy policy introspection and, most likely, revaluation.

Given the public attention and the potential for loss of trust, no one should be more concerned than the UK’s political parties.

Historically, political parties have often broken the rules around what they can do during a political campaign. Whether paying for the public’s contact details, flaunting advertising laws or canvassing beyond permissibility, political parties have, on many occasions, acted outside the law.

Most recently, the ICO investigated the Conservative Party for paying for canvassing on behalf of Conservative election candidates (which is banned under election law), political cold calling to prohibited numbers and making misleading calls claiming to be from an ‘independent market research company’ which does not exist.

Had these revelations come to the fore today or in the near future, when the public conversation is so focused on data privacy breaches, one could be sure that the effect on public opinion would be more severe.

However, despite growing public concern about data breaches, all in all, it could well be the case that political parties may still benefit from disregarding the rules.

Political parties may quietly permit this behaviour because it works. The ICO may issue them a fine, but that is all it can do. When all is said and done, the seats have been won and an ICO ruling can’t change this.

The GDPR legislation does allow for greater punishment in general for data privacy breaches. Up to 4% of global turnover can be demanded by the regulator. However, it is unlikely that even this cost will outweigh the benefit of winning seats.

In saying this, one aspect of the debate that GDPR will help to change is public attitude. This is undoubtedly a good thing as, the weight of public opinion is a powerful catalyst for change, even if it takes some time for lawmakers to respond. Riding on the waves created by the allegations of foul play by Cambridge Analytica and Facebook, the European legislation chimes with the concerns of the public.

It may well be the case that the weight of public opinion, alongside increased fines, will create enough toxicity around breaching direct marketing laws to force adherence in the political sphere.

Similarly, while there is some uncertainty around how enforcement of the legislation on social media sites will take effect, one can be sure that the ICO won’t be keen to give them anywhere near the kind of freedom they have enjoyed until now.

If the trend continues in this direction, it isn’t out of the realm of possibility that that legislators themselves may hand powers to the ICO to invalidate elections where it is deemed enough fraudulent activity has taken place.

Whatever happens, one thing is for sure, political parties will have to watch their backs from now on. Voter trust is the one thing they can’t afford to lose. Now that data protection is at the centre of attention, breaching public privacy laws is a sure way to do it.