Britský dozorový úřad ochrany osobních údajů (ICO – Information Commissioner’s Office) dnes zveřejnil zprávu o závěrech z vyšetřování ve věci zneužívání osobních údajů a datové analytiky při vedení politických kampaní – „Investigation into the use of data analytics in political campaigns„, které započal před 18 měsíci v květnu 2017.
V rámci vyšetřování ICO dospěl k závěru, že udělí sankce pro porušení zákona společnostem Eldon Insurance a Leave.EU pro porušení zákona o ochraně soukromí a regulaci obchodních sdělení v sítích elektronických komunikací z roku 2003.
The ICO has today issued its notice of intent to fine Eldon Insurance (trading as Go Skippy) £60,000 for contraventions of the Privacy and Electronic Communications Regulations 2003 (PECR), and £75,000 on Leave.EU also for PECR breaches.
The ICO says that both Leave.EU and Eldon Insurance had breached the PECR by sending one million emails to Leave.EU subscribers over two separate periods which also included marketing for GoSkippy services without the individuals’ consent.
The ICO has also issued a preliminary enforcement notice requiring Leave.EU to be fully compliant with PECR 2003 before sending emails to subscribers. The organisations may send representations by 5 December.
Speaking today at the House of Commons Digital, Culture, Media and Sport Committee hearing on fake news and disinformation, Information Commissioner Elizabeth Denham, said that the organisations had failed to keep separate the personal data on insurance clients and Leave.EU targets. The ICO will now look into this in more detail during an audit on Eldon, which will allow looking into the detail and make findings under the Data Protection Act 2018.
“We have concerns of ongoing misuse of personal data,” Denham said.
While she said that her new powers are fit for the digital age, she may still need a power to compel individuals to be interviewed. UKIP is one of the organisations that has failed to cooperate with the ICO during its investigation into political influencing. The ICO won this case, to compel UKIP to respond to the ICO’s questions, before the First-tier Tribunal (Information Rights) but UKIP has appealed against this decision.
Denham said that her work will continue in this area including Facebook/Cambridge Analytica data sharing: “Some of the issues uncovered in our investigation are still ongoing or will require further investigation or action.”
Multiple jurisdictions are struggling to retain fundamental democratic principles in the face of opaque digital technologies.
The DCMS Select Committee is conducting a comprehensive inquiry into Disinformation. The EU says electoral law needs to be updated to reflect the new digital reality, initiating new measures against electoral interference. A Canadian Parliamentary Committee has recommended extending privacy law to political parties and the US is considering introducing its first comprehensive data protection law.
Parliamentarians, journalists, civil society and citizens have woken up to the fact that transparency is the cornerstone of democracy. Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced.
The invisible, ‘behind the scenes’ use of personal data to target political messages to individuals must be transparent and lawful if we are to preserve the integrity of our election process.
We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.
Zdroj: tisková zpráva a dokument ICO, Velká Británie