As we head into the presidential primaries, there is no question big data and analytics will play a major role in targeting voters, driving contributions and ultimately determining who will be the next president.
As we have transformed into a data-driven society and economy, this may be expected. But the candidates’ privacy and data practices in both the news headlines and in the back room are not. While recent news has focused on unauthorized access by the Sanders campaign allegedly taking advantage of a misconfigured Democratic Party website, this is just the tip of the iceberg.
Candidates are pulling out all the stops to collect data. For example, Senator Cruz is baiting voters (through their children) with the offer of photos with Santa as a means to prospect for voter data. The photos are free, but you must register and provide your email address to download photos. This is an aggressive and creative tactic aiding his campaign’s massive effort to collect profile data on current and potential supporters. What parent can say no to their child who wants a photo with Santa?
What most donors and voters do not know is the broad data sharing liberties candidates are taking. It is becoming clear voters’ personal data may be more valuable than their donations alone. In September, the Online Trust Alliance released our audit of privacy and data security practices of the 23 leading contenders for the office of president.
The report revealed alarming results as the majority of candidates reserve the right to sell or trade personal data to unaffiliated third-parties. Others take broad liberties disclosed in the fine print of their privacy policy, yet if the same practices were used by a commerce site or bank they would make headlines and likely face legal prosecution.
Senator Cruz goes further than any other candidate, stating that, “in order to maximize your experience with our website and to provide its features and services, we may periodically access your contact list and/or address book on your mobile device. You hereby give your express consent to access your contact list and/or address book.” This and other related practices contributed to 74 percent of the candidate’s receiving failing grades in the audit.
Voter data is the new currency, and candidates are reaping the rewards. A case in point is Scott Walker. While he is no longer a presidential contender, his supporters might be surprised to learn that their data is now being sold to his former rivals.
In Walker’s case, the issue is that the selling and sharing of donors’ data may be in violation of his own published privacy policy. According to public data, Walker’s campaign charges $10,500 to send a single email to his database of 675,000 subscribers — contrary to the website privacy policy, which states that personal information will not be disclosed to third-parties (unless legally required).
A business in a similar situation might find itself in the crosshairs of Section 5 of the FTC Act and several states’ consumer protection acts. Although Walker had originally qualified for the Presidential Online Trust Honor Roll, based on his recent practices, he has been stripped of his Honor Roll status.
Citizens may be contributing to candidates with their checkbooks, but the real value is the buying, selling and trading of their personal data.
While the sharing of email lists and data may be a common practice (especially in rallying political support and paying off campaign debt), the ethics are concerning. The broad liberties candidates are taking is troubling. If an industry leader such as Microsoft, Google, Facebook or Apple were sharing and selling personal data to the extent candidates seem to, they would likely find themselves testifying before a congressional hearing. Citizens may be contributing to candidates with their checkbooks, but the real value is the buying, selling and trading of their personal data.
Consumer anxiety regarding data privacy is becoming a global concern. This year we witnessed the shattering of the 15-year-old Safe Harbor between the E.U. and U.S. as a result of extensive data sharing. The international standards community worked to advance the Do Not Track standard and U.S. Senators have re-introduced the Do Not Track Online Act of 2015 with the goal of requiring sites and ad networks to respect the user’s intent.
Addressing the concerns, the European Parliament and Council of the European Union reached an agreement on the final draft of the E.U. General Data Protection Regulation. This directive establishes a unified framework for the 28 member states for data security and privacy. The regulation aims to return control over citizens’ personal data to citizens and create the ability to fine companies found in violation.
Campaigns argue their practices are disclosed, legal and protected under the “shadow of the first amendment,” exempt from state and federal laws. While state and federal regulators may look the other way, or be prevented from taking action, it does not make the candidates’ actions appropriate. In light of worldwide privacy concerns and the court of public opinion, are the candidates’ practices considered responsible or ethical? Should the next president of the United Stated be held accountable to the same standards as a business? Perhaps this is a reason to drive campaign reform.
Now is the time for political candidates at the federal, state and local levels, and their respective national parties, to view these incidents and practices as teachable moments and put the citizens first. By default, consumers’ (donors’) data should not be shared with any third-party other than required by law. As our nation becomes increasingly dependent on data, we need to put the protection of citizens’ digital rights at the forefront.
The U.S. needs leaders who will prioritize these protections, demonstrating integrity and commitment to data stewardship. The long-term benefit will be increased trust and support. My vote goes to the privacy party!