An online advertising campaign which gathers data on voters may be putting the Conservative party in breach of data protection laws, experts say.

The views have been made in reaction to the way the Tories have been collecting information on pro-Brexit voters through a web-based ad campaign, the Guardian reports.

The website at the centre of the concerns asked for voters to “Back Brexit”, with copy stating: “MPs can’t pick and choose which votes to respect. But some are. Don’t let them get away with it.”

Those viewing the site are then prompted to enter their name, email address and postcode – a feature which throws up privacy question marks according to legal advice from a leading data protection lawyer.

The webpage also implies that the information could be used to construct personal profiles on individual voters to help accuracy in future online advert targeting. The vagueness of the warning might remind data protection communities of the ways in which Cambridge Analytica gathered voter data to conduct political advert targeting in the run up to the US presidential elections three years ago.

According to data protection and privacy expert, Robin Hopkins, the messages could constitute a violation of privacy regulations; collecting personal information such as voters’ political affiliations and online behaviours could be unlawful if users are not receiving enough information regarding what data is being collected or enough choice about how that data is being used.

The Good Law Project underlined its concern that the Conservative party’s practices “fail to respect the [Information Commissioner’s Office] recommendations and the requirements of data protection and privacy law.

“[The Good Law Project] is concerned about the risk of unlawful data practices and the potential impact of those practices on the democratic process.”

Robin Hopkins stated:

“I am asked for my opinion on whether there is substance to those concerns … my answer is yes. At least as regards the use of data for ‘online advertisements’, the individual does not seem to have been adequately informed.

“She [the user] is directed to a privacy policy that says quite a lot about how the Conservative party uses personal data – including the building of profiles about individuals and their likely voting intentions. But … the privacy policy says nothing about how the Conservative party uses personal data to direct online advertisements at individuals based on what it knows or thinks about them.

“The individual visiting the ‘Back Brexit’ webpage is not helped to understand what this means, how it works and what she can do about it,” Hopkins continued.

Article originally published on PrivSec:Report

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.