B.C. privacy ruling over political party data collection is a victory for voters’ privacy

Open this photo in gallery:

Colin Bennett is a professor of political science at University of Victoria where he studies data driven elections. He has written many articles and reports on privacy and elections and helped develop new guidelines on political campaigning from the Council of Europe.

On March 1, British Columbia’s Office of the Information and Privacy Commissioner issued a very important decision requiring federal political parties to comply with B.C. privacy laws when they collect, use or disclose personal data on residents of the province.

This is a significant victory not just for voters’ privacy, but for the integrity of our elections and democracy. It should bring more transparency to the ways that political parties use data on Canadian voters in their campaigns.

Contemporary elections in Canada, as elsewhere, are data-driven. Political parties have become increasingly sophisticated at targeting voters, mainly through social media. When Michael McEvoy, B.C.’s privacy commissioner, investigated the provincial parties in 2019, he found that they gather a variety of sensitive details on voters – such as income, ethnicity and religious affiliation – from a number of sources, and often without their knowledge and consent. Data brokers assist the parties in these efforts.

B.C. privacy law applies to federal political parties, commissioner’s office finds

It’s a process fraught with many risks, which is why most advanced democracies apply their privacy laws to political parties. The gold standard for privacy, the European Union’s General Data Protection Regulation, has designated political data as a sensitive category of information, to be captured only with express consent.

In Canada, data governance experts, regulators and civil liberties associations have for years advocated that federal political parties be governed by the same legal principles that apply to all other private not-for-profit organizations and businesses. Digital rights advocates have criticized the carveout of political parties from the federal government’s recent privacy bill – the Digital Charter Implementation Act – as cynical. The Privacy Commissioner of Canada has repeatedly made the same recommendation to Parliament, only to see it ignored.

Voters agree. In a 2019 poll conducted by Campaign Research and commissioned by the Centre for Digital Rights, the vast majority of Canadians said they want political parties to be subject to robust privacy regulations. In the wake of so many scandals and abuses of digital campaigning in recent years, arguments for more transparency and independent oversight are unassailable.

The recent B.C. decision for federal political parties came after three residents asked the Liberals, Conservatives, the NDP and the Greens for the personal information the parties held on them. The parties responded, but the complainants were not satisfied. Supported by the Center for Digital Rights, they complained to Mr. McEvoy, who opened an investigation.

The NDP, Liberals and Conservatives then responded that the privacy commissioner did not have jurisdiction over their data operations. (The Green Party did not challenge the complaint.) As federal organizations, they contended that they were not bound by B.C.’s Personal Information Protection Act, a provincial privacy law. Mr. McEvoy then appointed David Loukidelis, a former holder of the same role, to conduct an inquiry.

What is so interesting is how the three parties fought this case so strenuously, hiring high-powered law firms to push back on the privacy commissioner’s assertion of jurisdiction. They presented extraordinary arguments that only served to reinforce how critical the unregulated collection of voters’ data is to their operations.

The NDP contended that the B.C. privacy law was an unconstitutional expression of provincial power and that it infringes on the guarantee of the right to vote contained in the Charter of Rights and Freedoms. The Liberals argued that they were not “organizations” under the meaning of the law. Each of the parties contended that the provincial law frustrates “paramount” federal laws and particularly the Elections Act, and that it impairs the federal government’s exclusive power over federal elections.

But the Elections Act does not protect the full range of personal data the parties may collect – it just applies to the use of the list of registered voters. And the commissioner of elections has already refused to investigate how the parties use the voters list as the basis for their internal databases.

After a very detailed legal analysis, Mr. Loukidelis rejected these arguments and concluded that the law is constitutional, its definition of “organizations” applies to the federal political parties and that it is not superseded by federal law. He handed the victory to the three B.C. residents.

But this case is not just about the rights of these specific voters to access their data. Privacy regulations impose far broader obligations on parties to collect, process and disclose personal data only with the consent of the individual. That is what is at issue, and why the parties have been fighting this case so forcefully. The B.C. privacy commissioner’s order would also mean one set of rules in the province, and another for the rest of Canada.

So what practices are political parties trying to hide? Why should compliance with this law be seen as such a threat to their interests? If nothing nefarious is going on, they should not fear an expert regulator lifting the lid on their practices, advising them of good privacy and security management and giving Canadians the assurances they need.

The B.C. privacy commissioner’s decision may look like a small step, but it could be a big leap toward protecting voter privacy rights and improving the integrity and transparency of our elections.

Keep your Opinions sharp and informed. Get the Opinion newsletter. Sign up today.