Information Commissioner’s Office – written evidence (DAD0043)

 

Introduction

 

  1. The Information Commissioner has responsibility in the UK for promoting and enforcing the Data Protection Act 2018 (DPA18), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA) and the Privacy and Electronic Communications Regulations 2003 (PECR).

 

  1. The Commissioner is independent of Government and upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. She does this by providing guidance to organisations, solving problems where she can and taking appropriate action where the law is broken.

 

  1. The Information Commissioner welcomes the opportunity to respond to the Committee’s inquiry. She has the unique experience of investigating a range of actors involved in the online political ecosystem and tackling online harms where data protection and privacy is concerned. This response touches on some of the main themes of the Committee’s terms of reference with links to further relevant evidence, including recent thinking by her office.

 

Transparency in digital political campaigning

 

  1. It is vital for the democratic process for political parties and campaigners to be able to communicate effectively with voters. We have also seen in recent years the rapid development in and increased spending on new digital technologies and communication tools. What is concerning from a data protection perspective is the transparency deficit. Trust and confidence in the integrity of our democracy risks being undermined because voters are not always aware of the invisible processing that is taking place to micro target them with political messaging.

 

  1. Politics relies on open and collective debate. In free and fair elections and campaigns, it is important that voters have access to the full spectrum of political messaging and information, and that they know the source of the adverts and messages they see, including who funded them. Fairness is also a key principle under data protection law.

 

  1. Our ‘Democracy Disrupted? report[1] published in July 2018 provides a detailed account of our investigation and 10 policy recommendations to improve transparency in political campaigning.

 

  1. This report also illustrated the complex ecosystem that underpins modern digital campaigning – with the political parties or campaign groups at the centre.  All linked to digital services provided by social media companies, data brokers and data analytics companies.

 

  1. Our draft framework code of practice for the use of personal data in political campaigning is out for consultation until 4 October 2019[2]. The aim is to set out a level playing field for all of the different actors who are using data for political purposes. As the regulator, we are not saying political parties and campaigners cannot use digital campaigning tools, indeed there are many vitally important benefits for democracy that come from the direct engagement they encourage.  Instead it is about how you use them safely and transparently in accordance with the law.

 

  1. The Information Commissioner has also provided extensive evidence to various domestic and international parliamentary committees including the DCMS Select Committee[3] and Joint Committee on Human Rights[4]. More recently, we published our thoughts on the Government’s Online Harms White Paper.[5]

 

  1. Data protection law has been modernised for the digital age but other areas of digital regulation have not been. Regulatory modernisation must catch up across the whole regulatory landscape.

 

Use and governance of algorithms

 

  1. In terms of algorithmic transparency and auditing algorithms, we have the requirements and safeguards in the GDPR as a powerful tool, including provisions related to profiling. There are greater requirements for explainability for algorithms in the context of personal data. We are working with experts at pace in this area, including the appointment of an AI research fellow from the University of Oxford. We recently released an interim report called Project ExplAIn[6] which may be of interest to the Committee. It sets out how we can provide meaningful transparency in the context of AI.

 

  1. We are keen to continue to contribute to the debate. Government and Parliament have started to set the standards to address this societal issue. We will continue to work closely with other regulators working to ensure we provide joined up message on areas of common interest such as transparency.

 

  1.    Should there be an area of interest to the Committee, the Information Commissioner would be happy to expand further.

 

 

 

2

 


[1] Democracy Disrupted? Personal information and political influence https://bit.ly/2NJgNFB

[2] ICO consultation on the draft framework code of practice for the use of personal data in political campaigning https://bit.ly/2kuwzKT

[3] Oral evidence by Elizabeth Denham, Information Commissioner and James Dipple-Johnstone, Deputy Commissioner (Regulatory Supervision) on 27 November 2018 https://bit.ly/2m3JwMc

[4] Joint Committee on Human Right: The right to privacy (Article 8) and the digital revolution https://bit.ly/2lXJRzZ

[5] ICO’s response to the Department for Digital, Culture, Media and Sport consultation on the Online Harms White Paper https://bit.ly/2mrU6N7

[6] Project Explain interim report https://bit.ly/2kn8ohc