The development and use of massive voter databases and sophisticated “micro-targeting” techniques by political parties are raising concerns about the privacy rights of the people targeted by these efforts. When I wrote about the use of these techniques by the Obama campaign in the last presidential election in the United States, I suggested that “the future is creepy.” I am not the only one to think about this stuff, of course. The CBC had a story about the use of databases by Canadian parties, not only to identify and turn out their own supporters, but also to discourage opponents’ supporters from voting, though it did not specifically discuss privacy issues. Radio-Canada’s internet blogger, Vincent Grou, raises them in a recent post, and points to a report on the topic prepared last year for the Office of the Privacy Commissioner of Canada by Colin J. Bennett and Robin M. Bayley.
The main takeaway from this report is that, although parties now collect and use large amounts of information about voters, members, donors, activists, and candidates, they are not subject to the existing privacy legislation in Canada, which typically only applies to governments and to commercial enterprises, except for British Columbia’s Personal Information Protection Act, S.B.C. 2003 c. 63. (Readers with good memories may remember me saying the contrary in the post linked to above. I was wrong. Mea culpa.) This is troubling, because parties do not respect the rules that other organizations are subject to, and put Canadians’ personal information at risk. At the same time, parties are very important in the Canadian democratic process, in particular in organizing and promoting political participation. Thus, “in general terms, the debate centers on the balance between the two values of personal privacy and political participation” (3).
There report also notes a number of background factors which this debate must take into account. One is the continuing decline of the importance of parties for mobilizing the electorate, and loss of public trust in parties. In this context, the report argues, one party’s sins of commission (such as an abuse of information on voters) or omission (such as a failure to protect information) might prove very harmful for the democratic system as a whole. A second is that the technologies which parties use directly (their databases and data-mining software) or indirectly (for example social networks on which they can gather information) are developing very quickly, and thus the parties’ behaviour is difficult to regulate in ways that will make sense not only at present, but also in the future. Yet another point to keep in mind is that in many ways, the new data-mining and micro-targeting methods are developments of existing practices rather than completely new phenomena. Parties have long made efforts to identify their likely voters ― but the new technologies allow them to take these programmes to a much higher level.
Another interesting part of the report is its survey of practices in other democratic countries. They vary widely. In continental Europe, parties are subject to privacy regulations, and micro-targeting is apparently not developed. By contrast, in the United States, privacy rules are much less extensive and do not apply to political parties (which indeed are shielded from much regulation by the constitutional protection of freedom of speech).
Although prof. Bennett and Mr. Bailey do not say so in the report’s conclusion, they seem to favour at least some form of regulation of the political parties’ behaviour with respect to privacy. They acknowledge the difficulty of striking the right balance between what they consider to be the parties’ special role in our democracy and the citizens’ privacy concerns. But they are unimpressed with the parties’ purported attempts at self-regulation in this respect ― their privacy policies, when they exist at all, are hard to find, vague, or incomplete. And they worry not only about the privacy interests of citizens but also about the risks for the political system as a whole if one or more parties fail, or are regarded as having failed, to protect the privacy of the millions of people about whom they collect information.
This is all very interesting and worth thinking about. But I would like to suggest a few other factors to add to our reflection.
One is the possibility, which I raised in my previous post, that constitutional law has something to say on the subject of the permissibility of regulating the gathering and use of data by political parties. As I noted then, the Supreme Court is now considering a case in which a union argues that its constitutionally protected activities should be exempt from the application of provincial privacy legislation. The activities of political parties too enjoy some constitutional protection, the Supreme Court having recognized their special role in the electoral process. Depending on the outcome of that case, political parties might be able to challenge any extension of the privacy legislation to cover their activities.
In this connection, another point to keep in mind is the difference between rules that limit the parties ability to gather information about voters and those that would attempt to make them better custodians of the information they collect, for example by requiring better security measures or training for the party workers and volunteers who handle personal information. The former sort of regulations, I should think, would be more problematic than the latter.
Another concern when thinking about possible regulation is the congruence of the proposed rules with the expectations and practices of the people being burdened, and those purportedly being protected, by the regulation ― here, respectively, the parties and the citizens. On the side of the parties, it is worth noting that Canadian political parties are actively trying to learn from their American counterparts. They are thus taking on board the practices and expectations of what might be the world’s least regulated environment from a privacy standpoint. The more they do so, the more difficult and intrusive forcing them to change their ways is going to be. As for the citizens, the report notes that Canadians say they are very concerned about their privacy. But deeds do not necessarily match words, and it is not clear that regulations should protect people in accordance with their stated wishes when they themselves seem not to act on them.
A final point I will make here is that we might want to question one of the report’s important assumptions ― the special role of political parties. I have written a good deal about why should be skeptical of campaign spending rules that favour political parties (here, here, and here). As the report notes, parties are losing the importance they once had ― but that is not necessarily a bad thing. It is not so obvious that they ought to benefit from special rules with respect to privacy, though I am not saying that they ought not to ― it’s a difficult question.
As it stands, Canadian political parties are not very respectful of our privacy. Whether to try to make them more so, and how, are difficult questions. They are bound to become more pressing as the parties’ gathering and use of data on voters continues and increases, and we would do well to start thinking about them now.