A landmark decision by the Information Commissioners Office (ICO) has opened the way for 240 million other American voters to request their data back from the firm under British data protection laws. Cambridge Analytica (CA), which has just begun bankruptcy proceedings, has been sent a letter by the ICO wanting to know where the data on Professor David Carroll, an associate professor at Parsons School of Design in New York came from and how it was been used.

The ICO said that if CA had any difficulty complying with this request then it should hand over passwords for the servers seized during its raid on the company’s office. Furthermore, it warned that: “failure to do so is a criminal offence, punishable in the courts by an unlimited fine.”

Elizabeth Denham, ICO commissioner said in a statement:

“The company has consistently refused to co-operate with our investigation into this case and has refused to answer our specific enquiries in relation to the complainant’s personal data — what they had, where they got it from and on what legal basis they held it.”

“The right to request personal data that an organisation holds about you is a cornerstone right in data protection law and it is important that Professor Carroll, and other members of the public, understand what personal data Cambridge Analytica held and how they analysed it.”

Not only does the company risk the wrath of the ICO, if CA fails to comply with Carroll’s request or can be shown to have misused data, potentially it could be at risk of class action from the US electorate.

US Voter Data Processed in the UK

When it came to light that CA had built up profiles on a multitude of American voters, Carroll made a Subject Access Request (SAR) to CA affiliate SCL Elections under the UK’s 1998 Data Protection Act. He wanted to find out what data they held about him and how they used it.

The information he received in response revealed that he had been scored on a small set of political categories, including gun control and national security. Previously CA had boasted that every voter profile it generated used 4,000 to 5,000 data points, which lead Carroll to believe he had received incomplete information. As a result, Carroll commenced a legal action at the High Court in London and filed a complaint with the ICO.

Under US law, Carroll had no means to request his information, however since it came to light that CA processed US voter data in the UK, it granted him right under British laws. CA responded saying that Carroll was no more entitled to make a SAR under the UK Data Protection Act:

“than a member of the Taliban sitting in a cave in the remotest corner of Afghanistan.”

Carroll said of the decision:

“This should solve a lot of mysteries about what the company did with data and where it got it from. I hope that it will help the ongoing investigations in my country and yours, and other places like Canada. There’s a lot of questions that no one has been able to answer until now so hopefully, this will be a major breakthrough in our understanding of what it did.”

According to Carroll the ICO’s letter, “proved what we’ve been saying for a long time: this is not a normal company. To have the audacity to say that American voters are no different than jihadis hiding in a cave is pretty shocking.” Adding that CA’s attitude and behaviour was tantamount to “digital colonialism.”

Paul-Olivier Dehaye, a data expert who assisted Carroll with his request said:

“The data commissioner has said that data crimes are real crimes and she is now putting this into action. This would have been unimaginable a year ago. It’s a real landmark. The ICO is showing that they are real consequences to not complying with UK data laws.”

“Cambridge Analytica has been able to evade journalists’ questions and mislead both parliament and Congress, but now if they don’t answer these questions, it shows they’re criminally liable. And there’s also the potential that the truth could be even more incriminating.”

Like this: Like Loading...