We need free and fair elections in order for democracy to work. Two key aspects of ensuring that the people’s voice is heard is access to information (transparency or shining a light on the process) and data protection (processing of voters personal data as part of the election).
Access to information in elections
Most countries have access to information law that applies to elections as it does to many other things. Many countries also have access to information provisions in their electoral laws. The two almost always work together. But in most countries, political parties are not obliged to provide access to information – they do not fall within the ambit of the public bodies who must provide access. According to the Electoral Code of Conduct of that Act
There are also various guidelines that various different bodies or authorities have published. For example, there are the Guidelines on Access to Information and Elections in Africa (November 2017) drafted by the African Commission on Human and Peoples’ Rights. Note that these guidelines relate just to Africa and just to access to information and not to data protection.
Data protection in elections
Elections by their nature require all the different role players (election management bodies, election monitors or observers and political parties) to process lots of personal data. Digital campaigning is here to stay. It is important that this personal data is processed lawfully. Mostly political parties simply want a level playing field.
There are many data protection laws that deal with the issues, including the GDPR. Recital 56 on Processing personal data on people’s political opinions by parties says that “Where in the course of electoral activities, the operation of the democratic system in a Member State requires that political parties compile personal data on people’s political opinions, the processing of such data may be permitted for reasons of public interest, provided that appropriate safeguards are established.” There are also all the different data protection laws of all the countries of the world.
Obviously, electoral law has a huge impact on elections, including access to information and data protection in elections. Some electoral laws contain access to information and data protection provisions – others don’t – others deal with it indirectly. For example, the South African Electoral Act 73 of 1998 states that no person may prevent any representative of a registered party or representative from gaining reasonable access to voters, whether in a public or private space. And the Electoral Code of Conduct states that no person may unreasonably prevent any other person access to voters for the purpose of voter education, collecting signatures, recruiting members, raising funds or canvassing support for a party or candidate.
The key point is that you have to consider all relevant laws and the overlap between them.
In many countries, electoral laws need to be updated to deal with the way modern elections get held. An interesting development is that Spain has amended their electoral law to enable political parties to do many things. The EDPB has written a letter in response to this issue.
Guidelines, codes and standards related to elections
The ICO in the UK includes guidance on its website for elected representatives and political parties and guidance on political campaigning in which it states that “use of the full register during elections or referendums is legitimate and an organisation may contact an individual to promote a political campaign unless it is aware that the individual objects to direct marketing.” It has also published FAQs for Parliamentarians in which it states “‘legitimate interests’ is likely to also be a relevant alternative [to consent] for Parliamentarians”. We have added the part in square brackets.
The ICO did an investigation into how political parties and campaign groups use personal information and sophisticated data analytics techniques to target voters and on 11 July 2018 produced a report called Democracy Disrupted? Personal information and political influence. The ICO also did an investigation into data analytics for political purposes (including Cambridge Analytica) and submitted a report to Parliament on 6 November 2018. The ICO has started a process to create a Code of Practice for the use of personal information in political campaigns.
In the EU, the European Commission has published guidance on the application of Union data protection law in the electoral context and the European Parliament and Commission have enacted rules for the protection of personal data in the context of elections to the European Parliament.
Various other countries have released guidelines on the processing of personal data of a voter by a political party. There were also calls at the ICIC 2019 for the ICIC to develop an International guideline relating with both access to information and data protection in elections, which would contain a set of principles that could act as a guideline.
The balance is often between the public interest and personal privacy
The United Nation has published a Handbook on the Legal, Technical and Human Rights Aspects of Elections. The Carter Center has produced Election Standards.
The Information Regulator is in the process of issuing guidelines on the processing of personal information of a voter by a political party.
Mark Zuckerberg has even called for new global rules for election integrity.
Who regulates elections?
There are many different organisations and bodies. There are election management bodies (like the IEC) and, election monitors or observers. There are media regulators, monitors and watchdogs. There are information commissioners. It is crucial that they do not work in silos, but rather work together to ensure that there are free and fair elections.
Some key questions related to elections
- Should political parties (and donors themselves) be obliged to identify who donates money to political parties? How much transparency should there be on political funding?
- Who should have access to data that reveals political ideology?
- Should the list of candidates be publicly available? How much personal information should be made public to enable voters to decide who to vote for?
- Should a voters list or roll be made available to everyone or just certain bodies? What information on it should be given and how? There are important reasons for having one and publishing it. For example, for all involved to check whether all people on the list who are alive. But at the same time, we need to protect people’s personal data so that it does not get used for other purposes (for example, direct marketing).
- When is it lawful for political parties to collect personal data for elections?
- Can political parties profile people?
- Can political parties target voters with ads based on their internet browsing history?
- Can political parties send emails and SMS to (communicate electronically with) voters? Is campaigning regarded as direct marketing?
- Is it in the legitimate interests of a political party to process the personal information of voters to canvass votes?
- When can an organisation process data about someones’ political persuasion?
- When should people be able to get access to information held by political parties or other organisations who have information about the electoral process?
Where does the balance lie?
There are often no right or wrong answers to these questions. Often the law does not provide clarity but rather gives us the principles that we must consider when balancing the different rights and interests of the different role players to find answers. Often, there is only clarity when a court passes judgement or a Parliament changes the law to directly deal with an issue. For example, you often have to balance public interest with personal privacy.
Each question can often be viewed from many different perspectives – all of them valid to a degree. Almost always a balancing of rights or interest needs to take place and a middle ground found.
The answers also differ from country to country.