Voter data privacy and the Canadian federal election

  • National Newswatch

As campaigns in Canada gear-up ahead of the country's 43rd federal election this October, many are wondering how this year's election campaigning will compare to previous years.As in Europe and the US, Canadian politicians will find it hard to ignore the challenges that disinformation campaigns and the continued rise in populist movements will certainly bring.Unlike in Europe, Canada has not had to deal with the advent of the General Data Protection Regulation (GDPR), which has had a profound effect on how European parties and campaigns have had to approach data protection.The question that remains to be answered is whether Canada will draw inspiration from Europe and institute a stricter data protection regime or whether it will favor a more lax regulatory structure such as that seen in the US.Influence of privacy lawsData protection in Canadian elections is currently regulated by the Privacy Act.The Act states that personal information under the control of a government institution should only be disclosed in very limited circumstances.While this provides a basic regulatory framework that has served its purpose for more than 30 years, it lacks some of the nuance that more modern data protection codes might be expected to contain.In the wake of data breach scandals such as Cambridge Analytica, there have been calls to replace the legislation with a new mechanism for governing voter data protection.What's on the horizon?British Columbia (BC) leading by exampleBritish Columbia is leading the charge in nudging parties to approach data protection more seriously.Information and Privacy Commissioner for British Columbia Michael McEvoy has gone on record stating that “political parties must do a better job telling people about the information they're collecting about them”.Michael McEvoy said he's giving B.C.'s New Democrat, Liberal and Green parties six months to become more transparent with people before deciding if a detailed audit of party systems, databases or practices is required.Gaining consent from voters is one of the main requirements under the new European GDPR legislation and the Information and Privacy Commissioner for British Columbia believes that the effort should be mirrored in Canada.More rigorous data protection on the horizon?British Columbia's Personal Information Protection Act requires political parties to obtain consent from individuals to collect, use, or disclose information about them.None of the other nine provinces currently require political parties to adhere to privacy laws similar to those in British Columbia. But many think this is the way forward.When Michael McEvoy released his recent report, which covered political parties' information collection practices, he concluded that all three political parties have inadequate privacy training and must ensure the same effort goes into protecting personal information as is put into its collection. The Commissioner said that robust communication with voters is vital to a party's existence, but that it must be fully transparent to the public."Political parties, from senior party officials to volunteer canvassers, must stand ready to demonstrate compliance with their privacy responsibilities. This includes everything from being absolutely transparent about the personal information they collect to providing individuals full right of access to their own information," he said.Will Canada step in line with Europe?In the run-up to elections for the European Parliament later this year, political parties across Europe have grown accustomed to making people aware of the reason they are gathering information about them.We have seen serious work being put in at the grassroots level intended towards ensuring that parties are made aware of the implications of any data breach that may occur under their watch.It is now common practice in Europe that parties and candidates must make people aware of the reason they are gathering information.Serious work has been put in at the grassroots level intended towards ensuring all parties are made aware of the implications of a data breach.Once an issue of concern almost exclusively to those within the political system, protection of voter data has emerged as an issue of importance to voters themselves – with some parties and candidates even highlighting their strong protection of voter details within their manifestos – something that would have been unimaginable just a few years ago.Large parties in Canada hold vast amounts of data about their electorate. We have also observed that many of them conduct very specific door-to-door outreach operations.While it is clearly important to do direct outreach to build relationships with voters, parties must also realize that they need to ensure compliance with both the letter of the (data protection) law as well as emerging best practices in the fields of voter outreach and community engagement, many of which are quickly changing as a result of the arrival of GDPR.The Federal Election will prove to be a bellwether for the future of data governance in Canada.The Canadian public holds more power in deciding what direction the future will take than they probably realize. Whether the citizens beyond British Columbia will remain content with the existing data protection framework or demand a more activist approach to governance that draws inspiration from Europe and B.C.'s efforts remains to be seen.Ciara O'Riordan is a Digital Marketing lead at Ecanvasser. Ecanvasser is an Irish political technology provider that supplies more than 2,000 campaigns around the world, and Canada, with election technology.