Big Tech not the only entity with your personal data on tap

The use of private personal data goes much further than you might expect.

The use of private personal data goes much further than you might expect. Picture: AFP.

6 min read

12:00AMMarch 22, 2018.

Updated 6:07AMMarch 22, 2018

Facebook has been rocked by revelations that a firm working on Donald Trump’s 2016 presidential campaign harvested and allegedly misused millions of members’ data in pursuit of political advantage.

An investigation by Britain’s Channel 4 revealed Cambridge Analytica executives boasted they could use social media data to entrap politicians and engage in what can be described as potentially nefarious campaign techniques.

People post all sorts of information about themselves and their attitudes towards everything from consumer products to political issues on social media, but generally they do so communicating with a circle of online friends. Revelations that political actors are now using that information via complex algorithms to target their campaigns at voters raises a variety of privacy concerns as well as questions of ethical usage.

The capacity to use the search engine preferences of Facebook users to target them with political paraphernalia designed to shock or instil fear — for example because users have searched for stories on terrorism or gang crimes — goes to the heart of what forms of political campaigning are acceptable and how far organisations can go when collecting information on voters for the purpose of campaigning.

Shares in Facebook plunged as policymakers in the US called for stronger regulation over how Facebook collects and onsells user information after claims 270,000 users downloaded an app called thisisyourdigitallife. When they approved the download, they inadvertently granted the app developer permission to harvest the data of their friends too — up to 50 million in all. These users were taking part in they thought was social research. But data was passed to Cambridge Analytica, which made it available for political purposes. Facebook has now been drawn into a partisan war of words, and similar arguments about its (mis)use may emerge across the world, including in Australia.

One of the reasons social media companies such as Facebook and Google have been able to disrupt the large traditional media businesses has been the value of data analytics that can target consumers. The ability to harvest user information to deploy advertising resources to specific consumer needs online is seen by many as a better alternative to traditional banner newspaper advertisements or expensive ads during popular TV shows. The same shift to more targeted advertising online can benefit political campaigns if voter preferences can be identified.

Social media users give up their privacy rights, usually unwittingly, when they agree to terms on signing up. Who seriously reads the full spectrum of the detailed terms and conditions when doing so?

While politicians have expressed concerns about giving up privacy rights in this way for years, with moves already afoot in Europe and elsewhere to improve consumer awareness, the growing realisation that political parties have something to gain by accessing user information will only add to the controversy surrounding the business model of the likes of Facebook, and how and to whom they sell consumer information.

Nearly 1.5 billion people log on to Facebook every day, and the figure has grown every year for the past decade. A campaign to delete Facebook accounts taps into a growing distrust among consumers towards the social media giant.

In Australia, do we have adequate rules in place to protect consumer privacy? And are Facebook and other social media behemoths the only organisations we should be concerned about? What about political parties?

The Privacy Amendment Act (2000) ensures that businesses can only use, store and onsell consumer information with people’s consent. But, as mentioned, that consent is often given unwittingly. Australia should perhaps follow the lead of European nations and require more robust disclosures of how and when information harvested on social media is thereafter to be used.

Even if such laws eventuate courtesy of the awareness the Cambridge Analytica scandal has caused, it won’t prevent political parties from being able to continue using voter data without people’s consent. That’s because political parties in Australia — which are technically private organisations despite their very public role in our body politic — have exempted themselves from the privacy protections other private organisations must adhere to.

In other words, when data is accumulated and stored for the purposes of political campaigning, political parties are not required to seek the consent of the governed.

Equally, there are no protections in place to ensure the accuracy of the information compiled, nor to protect how it is stored. To campaign effectively, parties have an incentive to ensure the information they store is accurate, but without oversight we cannot know whether or not that is the case.

While the public has a right to use Freedom of Information laws to access information the public service stores on each of us — for example, what might be in a person’s Centrelink or Medicare file — no such access provisions exist for checking up on what political parties know about each of us.

This privacy debate leads right to the doors of our major parties, because not only do they use third parties to help target their campaign materials, they also operate powerful and sophisticated databases that track the voting and policy preferences of the electorate.

The Liberal Party’s database is called Feedback, Labor’s goes by the name Electrac. These powerful systems are becoming more central to effective modern political campaigning, giving the major parties an advantage over minor parties and independents.

Once upon a time the accumulation of data in these systems was through the laborious, old-fashioned means of using the electoral roll to access basic voter information such as names, ages, addresses and occupations.

That was then linked to telephone directory information — and then the really hard work began. Staffers, politicians and volunteers would doorknock, make notes when constituency inquiries were made, and all the information obtained would be added to the profile of electors, especially in key marginal seats.

Party organisations would keep a close eye on MPs and candidates using the databases, encouraging them to devote significant resources to the endeavour. This included taxpayer- funded staffers and allowances. The databases themselves are paid for out of electoral entitlements, even though they are protected from scrutiny because political parties are private organisations.

Learning whether electors were swinging voters and what issues mattered most to them would enable political campaigns to target what information was sent to whom, ensuring cost-effective campaigning and issue-matching to sway voters to the cause being campaigned on.

The rise and rise of social media and the capacity of parties to purchase profile data on voters has revolutionised the value of these databases. Because collecting information doesn’t require consent, it continues unbridled, and what the parties know about all of us stays in their systems indefinitely.

At one level this might neither shock nor worry too many people. It’s a form of professional campaigning one might expect major parties to engage in. Modern voters have grown used to giving up privacy rights in the electronic age in exchange for convenience. But the longevity of what’s collected, the invasion of privacy when information obtained isn’t offered voluntarily, and the lack of oversight as to how it is used, stored and accessed should be concerning.

With the rise of social media perhaps it’s time to reconsider the political party exemptions in the Privacy Act, or at least look to limit the exemptions in certain ways, for example so as to allow access only to the electoral roll and restrict the purchasing of social media data. Or to prevent parties from hiring third-party data for the purposes of campaigning, as occurred with the Cambridge Analytica scandal.

The politicians are unlikely to raise the need to curtail their own exceptions to the Privacy Act, certainly not the main parties that benefit most from the exemptions.

The use (or misuse) of voter data, including that obtained from social media, gives these parties a cartel-like advantage over new entrants. They are therefore more likely to collude to preserve the rules of the game that benefit them. Both major parties jealously guard the technologies they use to operate their databases, and the developments they hope will give them a campaigning edge in key marginal seats. In a professionalised campaign environment even a narrow advantage in data analytics can mean the difference between winning and losing.

Peter van Onselen is a professor of politics at the University of Western Australia. He has written extensively on party databases and teaches digital media at UWA.