Data-Driven Elections, Privacy Law, Elections Modernization Act
In light of the revelations concerning Cambridge Analytica, we are now in an era of heightened publicity and concern about the role of voter analytics in elections. Parties in Canada need to enhance their privacy management practices and commit to complying with national privacy principles in all their operations. As shown in this article’s comparative analysis of the privacy policies of federal and provincial political parties in Canada, policies are often difficult to find, unclear, and, with a couple of exceptions, do not address all the privacy principles. Accountability and complaints mechanisms are often not clearly publicized, and many are silent on procedures for the access and correction of data, and unsubscribing from lists. Vague and expansive statements of purpose are also quite common. However, this article shows that parties could comply with all 10 principles within the Canadian Standard Association (CSA)’s National Standard of Canada, upon which Canadian privacy law is based, without difficulty; though compliance will require a thorough process of self-assessment and a commitment across the political spectrum to greater transparency. The early experience in British Columbia (B.C.), where parties are regulated under the provincial Personal Information Protection Act, suggests that this process is beneficial for all concerned. In contrast to the system of self-regulation incorporated into the Elections Modernization Act, there is no inherent reason why parties could not be legally mandated to comply with all 10 principles, under the oversight of the Office of the Privacy Commissioner of Canada.
Colin J. Bennett, "Data-Driven Elections and Political Parties in Canada: Privacy Implications, Privacy Policies and Privacy Obligations" (2016) 16:2 CJLT 195.