The Conservative Party, no doubt scrabbling to gather perceived support for its contentious immigration policies and measures is running a web and social media campaign. The web page encourages those visiting it to “back our plan and send a message” to other parties:
Further down the page visitors are invited to “send Labour a message”
Clicking on either of the red buttons in those screenshots results in a pop-up form, on which one can say whether or not one supports the Tory plans (in the screenshot below, I’ve selected “no”)
One is then required to give one’s name, email address and postcode, and there is a tick box against text saying “I agree to the Conservative Party, and the wider Conservative Party, using the information I provide to keep me updated via email about the Party’s campaigns and opportunities to get involved”
There are two things to note.
First, the form appears to submit whether one ticks the “I agree” box or not.
So anyone submitting their special category data (information about one’s views on a political party’s policies on immigration is personal data revealing political opinions, and so Article 9 UK GDPR applies) has no idea whatsoever how it will subsequently be processed by the Tories.
I suppose there is an argument that anyone who happens upon this page, and chooses to submit the form, has a good idea what is going on (although that is by no means certain, and people could quite plausibly think that it provides an opportunity to provide views contrary to the Tories’). In any event, it would seem potentially to meet to definition of “plugging” (political lobbying under the guide of research) which ICO deals with in its direct marketing guidance.
Also in any event, the absence of any workable links to privacy notice information means, unavoidably, that the lawfulness of any subsequent processing is vitiated.
It’s the sort of thing I would hope the ICO is alive to (I’ve seen people on social media saying they have complained to ICO). But I won’t hold my breath on that – many years ago I wrote about how such data abuse was rife across the political spectrum – but little if anything has changed.
And finally, the most remarkable thing of all is that I’ve written a whole post on what is a pressing and high-profile issue without once mentioning Gary Lineker.
The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.