'The findings could have widespread implications for how parties campaign — not just in B.C., but across Canada.'

B.C. political parties need to be more transparent about how they collect data on voters. They are gathering too much without the individual’s consent. Those are the major take-aways from a report issued earlier this month by B.C.’s Office of the Information and Privacy Commissioner (OIPC).

The findings could have widespread implications for how parties campaign — not just in B.C., but across Canada.

The report, Full Disclosure: Political Parties, Campaign Data and Voter Consent, originated in complaints about parties going back several years. This is the first such investigation in Canada — B.C. has the only privacy commissioner in Canada with jurisdiction over political parties under B.C.’s Personal Information Protection Act.

This wasn’t a forensic audit, and so we have to take the word of political parties at face value. The main source of information for all parties is the list of voters’ name and address collected from Elections BC They can also request voter participation data — if/when the individual voted in the last election. All of this is pretty standard, and it is used to target voters and encourage their supporters to vote on election day.

It gets interesting when you look at the other information that is merged with these basic data.

A lot of data is captured at the doorstep during canvassing, and may include other identifiers like email address or phone number, and information on the issues the voter thinks are important. The BC Liberals and the NDP also may collect information on gender, ethnicity, or religion — not legal under PIPA unless the voter has expressly consented.

Parties also collect personal information through telephone canvassing — no problem there if the caller identifies himself and the reason for the call. But they can’t fish for information about other people in the household.

Parties also capture data through petitions. No problem, so long as the data collected is used for the purpose of furthering the objectives of that petition. But if it is going to be used for other purposes, then they need to get consent.

And then all parties collect personal data from social media under the impression that it is already “out there” and fair game. Not always, says the commissioner. If you are communicating with a political party through social media, then it’s implied that they can collect that information. What PIPA does not permit, is the “scraping” of personal data from social media sites, or linking email addresses with social media profiles.

The parties will also “score” voters in ways that are still very mysterious.

And then there is Facebook. All parties hand over lists of supporters (which may include donor information, email, phone number, date-of-birth) to Facebook to utilize the “LookAlike” audience tool for political advertising. Not permitted without consent, the report concludes.

All political parties need to do a better job training their staff and volunteers in privacy and security, and destroying obsolete information. This is particularly crucial given the publicity about cyber-attacks, and the risks of hacking party databases.

Do we have rights to access the personal information parties hold on us? Some parties argued that this would reveal confidential commercial information that would harm the competitiveness of the party. The commissioner gave short shrift to that argument. Under PIPA, anybody has the right to request personal information captured about them, and to correct it if it is erroneous.

Political parties need to communicate with the electorate in a meaningful way, and they need data on the electorate. They perform a vital role in any democracy. But communication should be a “fully transparent two-way street,” according to Commissioner Michael McEvoy.

The parties, to their credit, cooperated with this investigation. There are a lot of recommendations, and parties are now expected to revise their privacy policies and reform their practices in consultation with the OIPC and the Chief Electoral Officer.

What’s also obvious, however, is that B.C. political campaigns are pretty low-tech. We are nowhere near the creepy world of voter analytics and micro-targeting seen in the US. But the temptation to use more privacy-invasive techniques is always there. We need to get the rules straight now, and ensure that there is a level playing-field and appropriate transparency so that Canada does not face similar intrusiveness.

So, does this law also apply to federal political parties when they campaign in B.C.? The report is silent on the question. But why should provincial parties have to abide by these basic privacy rules, and federal parties not? There’s no good reason.

This report will add to the growing calls for federal political parties to be covered by Canada’s privacy laws as well.

Colin J. Bennett is a professor at the University of Victoria’s Department of Political Science.

The views, opinions and positions expressed by all iPolitics columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of iPolitics.