GUIDANCE DOCUMENT Commission guidance on the application of Union data protection law in the electoral context A contribution from the European Commission to the Leaders' meeting in Salzburg on 19-20 September 2018
1. The Communication from the European Commission sets out guidance on the application of the General Data Protection Regulation (GDPR) with regard to political parties’ use of people’s data for campaigning purposes. The objective of the guidance is to make clear which data protection obligations apply to the processing activities of political parties in the context of elections. The communication places an emphasis on national data protection authorities, as enforcers of the GDPR, to make full use of their strengthened powers to address possible infringements, in particular those relating to the micro-targeting of voters.
2. The publication of the communication is timely for two reasons:
● The Information Commissioner’s Office (ICO) investigation into political campaigning practices and the importance of protecting personal data in the electoral context which has become a key issue for the functioning of democracy - the ICO investigation is specifically mentioned in the Communication.
● The upcoming European Parliament election in May 2019.
3. The Communication acknowledges that the report from the Information
Commissioner’s Office on the use of data analytics in political campaigns
together with the Opinion of the European Data Protection Supervisor on
online manipulation and personal data confirm the growing impact of micro-targeting in the electoral context.
4. The Communication goes on to explain that the General Data Protection Regulations (GDPR), which came in to force on 25 May 2018, provides the Union with the tools necessary to address instances of unlawful use of personal data in the electoral context. It further states that this will only be effective in protecting the integrity of democratic politics if there is a firm and consistent application of the rules.