Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

European parliament’s NationBuilder contract under investigation by data regulator

Europe’s lead data regulator has issued its first ever sanction of an EU institution — taking enforcement action against the European parliament over its use of US-based digital campaign company, NationBuilder, to process citizens’ voter data ahead of the spring elections.

NationBuilder is a veteran of the digital campaign space — indeed, we first covered the company back in 2011— which has become nearly ubiquitous for digital campaigns in some markets.

But in recent years European privacy regulators have raised questions over whether all its data processing activities comply with regional data protection rules, responding to growing concern around election integrity and data-fuelled online manipulation of voters.

The European parliament had used NationBuilder as a data processor for a public engagement campaign to promote voting in the spring election, which was run via a website called thistimeimvoting.eu.

The website collected personal data from more than 329,000 people interested in the EU election campaign — data that was processed on behalf of the parliament by NationBuilder.

The European Data Protection Supervisor (EDPS), which started an investigation in February 2019, acting on its own initiative — and “taking into account previous controversy surrounding this company” as its press release puts it — found the parliament had contravened regulations governing how EU institutions can use personal data related to the selection and approval of sub-processors used by NationBuilder.

The sub-processors in question are not named. (We’ve asked for more details.)

The parliament received a second reprimand from the EDPS after it failed to publish a compliant Privacy Policy for the thistimeimvoting website within the deadline set by the EDPS. Although the regulator says it acted in line with its recommendations in the case of both sanctions.

The EDPS also has an ongoing investigation into whether the Parliament’s use of the voter mobilization website, and related processing operations of personal data, were in accordance with rules applicable to EU institutions (as set out in Regulation (EU) 2018/1725).

The enforcement actions had not been made public until a hearing earlier this week — when assistant data protection supervisor, Wojciech Wiewiórowski, mentioned the matter during a Q&A session in front of MEPs.

He referred to the investigation as “one of the most important cases we did this year”, without naming the data processor. “Parliament was not able to create the real auditing actions at the processor,” he told MEPs. “Neither control the way the contract has been done.”

“Fortunately nothing bad happened with the data but we had to make this contract terminated the data being erased,” he added.

When TechCrunch asked the EDPS for more details about this case on Tuesday a spokesperson told us the matter is “still ongoing” and “being finalized” and that it would communicate about it soon.

Today’s press release looks to be the upshot.

Provided canned commentary in the release Wiewiórowski writes:

The EU parliamentary elections came in the wake of a series of electoral controversies, both within the EU Member States and abroad, which centred on the the threat posed by online manipulation. Strong data protection rules are essential for democracy, especially in the digital age. They help to foster trust in our institutions and the democratic process, through promoting the responsible use of personal data and respect for individual rights. With this in mind, starting in February 2019, the EDPS acted proactively and decisively in the interest of all individuals in the EU to ensure that the European Parliament upholds the highest of standards when collecting and using personal data. It has been encouraging to see a good level of cooperation developing between the EDPS and the European Parliament over the course of this investigation.

One question that arises is why no firmer sanction has been issued to the European parliament — beyond a (now public) reprimand, some nine months after the investigation began.

Another question is why the matter was not more transparently communicated to EU citizens.

The EDPS’ PR emphasizes that its actions “are not limited to reprimands”, without explaining why the two enforcements thus far didn’t merit tougher action. (At the time of writing the EDPS had not responded to questions about why no fines have so far been issued.)

There may be more to come, though.

The regulator says it will “continue to check the parliament’s data protection processes” — revealing that the European Parliament has finished informing individuals of a revised intention to retain personal data collected by the thistimeimvoting website until 2024.

“The outcome of these checks could lead to additional findings,” it warns, adding that it intends to finalise the investigation by the end of this year.

Asked about the case, a spokeswoman for the European parliament told us that the thistimeimvoting campaign had been intended to motivate EU citizens to participate in the democratic process, and that it used a mix of digital tools and traditional campaigning techniques in order to try to reach as many potential voters as possible. 

She said NationBuilder had been used as a customer relations management platform to support staying in touch with potential voters — via an offer to interested citizens to sign up to receive information from the parliament about the elections (including events and general info).

Subscribers were also asked about their interests — which allowed the parliament to send personalized information to people who had signed up.

Some of the regulatory concerns around NationBuilder have centered on how it allows campaigns to match data held in their databases (from people who have signed up) with social media data that’s publicly available, such as an unlocked Twitter account or public Facebook profile.

In 2017 in France, after an intervention by the national data watchdog, NationBuilder suspended this data matching tool in the market.

The same feature has attracted attention from the UK’s Information Commissioner — which warned last year that political parties should be providing a privacy notice to individuals whose data is collected from public sources such as social media and matched. Yet aren’t.

“The ICO is concerned about political parties using this functionality without adequate information being provided to the people affected,” the ICO said in the report, while stopping short of ordering a ban on the use of the matching feature.

Its investigation confirmed that up to 200 political parties or campaign groups used NationBuilder during the 2017 UK general election.

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Leading VCs discuss how COVID-19 has impacted the world of digital health

In December 2019, Extra Crunch spoke to a group of investors leading the charge in health tech to discuss where they saw the most opportunity in the space leading into 2020 . At the time, respondents highlighted startups in digital therapeutics, telehealth and mental health that were improving medical practitioner efficiency or streamlining the distribution of care, amongst a variety of other digital health markets that were garnering the most attention. Where top VCs are investing in digital health In the months since, the COVID-19 crisis has debilitated national healthcare systems and the global economy. Weaknesses in healthcare systems have become clearer than ever, while startups and capital providers have struggled to operate while wide swaths of the market effectively shut down. Given significant volatility and the rapid changes seen in the worlds of healthcare, venture and startups broadly, we wanted to understand which inefficiencies might have been brought to light, w...

News-reading app Flipboard expands local coverage, including coronavirus updates, to 12 more U.S. metros

Earlier this year, personalized news aggregation app Flipboard expanded into local news . The feature brought local news, sports, real estate, weather, transportation news and more to 23 cities across the U.S. Today, Flipboard is bringing local news to 12 more U.S. metros and is adding critical coronavirus local coverage to all of the 35 supported locales. The 12 new metros include the following:  Baltimore, Charlotte, Cleveland, Detroit, Indianapolis, Nashville, Pittsburgh, Orlando, Raleigh, Salt Lake City, St. Louis, and Tampa Bay. They join the 23 cities that were already supported:  Atlanta, Austin, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Los Angeles, Miami, Minneapolis-St. Paul, New Orleans, New York City, Philadelphia, Phoenix, Portland, Sacramento, San Diego, San Francisco Bay Area, Seattle, Toronto, Vancouver and Washington, D.C. To offer local news in its app, Flipboard works with area partners, big and small, like The Plain Dealer’s Cleveland.com , ...