ICO rules political parties must improve data practices

From June to September 2019, the Information Commissioner’s Office (ICO) undertook audits of seven political parties: the Conservative Party; the Labour Party; the Liberal Democrats; the Scottish National Party (SNP); the Democratic Unionist Party (DUP); Plaid Cymru; and United Kingdom Independence Party (Ukip).

The work was conducted as part of the ICO’s wider investigation of the trading and profiling of personal data.

In a summary of the audits, the regulator said it had found areas for improvement “in both transparency and lawfulness” and made recommendations across all political parties audited to ensure their data processing complies with data protection laws. The ICO categorised 70% of the recommendation priorities as ‘urgent’ or ‘high priority’.

The recommendations, which have already been shared with the parties involved, include providing the public with clear information about how their data will be used, and telling people when they use profiling methods, such as combining information about them from several different sources.

The ICO said all the parties audited had indicated they were willing to take action to improve their compliance on a voluntary basis. It plans to follow up on their progress “later this year”, by carrying out a review of updated action plans in key compliance areas.

Elizabeth Denham, information commissioner, said in the report: “All political parties must use personal information in ways that are transparent, understood by people and lawful, if they are to retain the trust and confidence of electorates.

“The transparency and accountability required by data protection is a key aspect in developing and maintaining trust, and so there is an important role for the ICO in scrutinising this area.”