Sign up to Newsletter

Letter to the DCMS Sub-Committee on Disinformation - data brokers need to be investigated

Advocacy
Post date
2nd August 2019
Acxiom The Great Hack

Dear Chair and Committee colleagues,

Privacy International is an international NGO, based in London, which works with partners around the world to challenge state and corporate surveillance and data exploitation. As part of our work, we have a dedicated programme “Defending Democracy and Dissent” where we advocate for limits on data exploitation throughout the electoral cycle.

We have been closely following the important work of the Committee. Prompted by the additional evidence provided to the Committee by Brittany Kaiser, published on 30 July 2019, we would like to draw your attention to aspects of her submission that stood out to us and related points:

  • The ways in which Cambridge Analytica has used segments and inferences is strikingly similar to the techniques we have observed in the data broker industry.

  • In November 2018, Privacy International complained about seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) to data protection authorities in France, Ireland, and the UK. As evidenced in the documentary “The Great Hack”, Acxiom is one of the companies, as well as Facebook, that Cambridge Analytica used as a data source. Many of these companies are also involved in or linked to the use of data for political purposes.

  • Our complaints show that these companies fail to comply with data protection law and in some cases seem to work under the assumption that derived, inferred and predicted data and behavioural or demographic segments do not count as personal data, even if they are linked to unique identifiers or linked to or used to target individuals.

  • We noted with concern that the final report of the Committee on Disinformation and‘fake news’ stated that “’inferred data’ is not protected” under GDPR. While we very much agree with your recommendation to extend privacy laws to close existing gaps in this regard, we respectfully disagree with your conclusion that ‘inferred data’ is currently not protected. ‘Inferred data’ does not always fall under the definition of personal data,yet inferences that may be linked to identifiable individuals do constitute personal data.

  • A new aspect of GDPR is an explicit definition of profiling in Article 4(4): “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.

  • Data brokers, ad tech companies, and credit referencing agencies amass vast amounts of data from different sources (offline and online) in order to profile individuals, derive, and infer more data about them and place individuals into categories and segments. The law is clear that there must be transparency and limits, including relating to requirements such as legal basis, fairness and purpose limitation. However, our investigation shows that many companies fail to comply with data protectionrequirements with far reaching consequences for people’s rights.

  • The pervasive nature of data brokers is demonstrated by an example related to anotherof the Committee’s inquires, where you have looked at the way reality TV shows have used targeted advertising on Facebook. In this regard it is important to consider how advertising on television is becoming increasingly targeted, and the role that data brokers play as data sources.

We urge the Committee to look into the profiling practices used by commercial data brokers (including those that also operate as Credit Reference Agencies) and the role this industry plays in the use of personal data for political purposes and beyond.

We look forward to hearing from you in relation to this request. Should you require any further information or have any questions please do let us know.

Yours faithfully,

Privacy International

Image: screenshot from The Great Hack

Attachments
19.08.02 Ltr to DCMS.pdf
Learn more
Data Exploitation
Data and Elections
Profiling
Our campaign
When Your Data Becomes Political
Our fight
Challenging Corporate Data Exploitation
Defending Democracy and Dissent
Data and Elections
Our legal action
Challenge to Hidden Data Ecosystem

Related Content

Advocacy
Cover picture2

PI’s submission to the UK Committee on Standards in Public Life on electoral campaigning

PI’s submission highlights the need for the UK Electoral Commission to be reformed in light of the current online political campaigning practices and environment.

Continue reading
Advocacy
Photo by Fred Moon on Unsplash

Challenging Data Exploitation in Political Campaigning: PI Recommendations.

These recommendations identify actions for governments, regulators, legislators, political parties and companies to help prevent data exploitation in political campaigning.

Continue reading
News & Analysis
Pins with Facebook logos

Why Facebook’s opt-out of political ads is a short-sighted solution

Facebook's announcement that users will be able to opt-out from seeing political and issue-based ads leaves many important questions unanswered.

Continue reading
News & Analysis
The Internet Remembers Image

Why we're concerned about profiling and micro-targeting in elections.

There is now an ecosystem that drives voter profiling and targeted messages, often known as micro-targeting, that accompany modern political campaigning globally. The targeted ad-supported internet is made up of thousands of companies that track and profile us all 24 hours a day- not just during election time.

Continue reading