The Conservative Party has been accused of racially profiling millions of voters following the publication of a report by the Information Commissioner’s Office.

The report by the ICO alleged that, before the 2019 general election, the party purchased data sets that guessed a person’s country of origin, race and religion based on their name.

This data was applied to the names of 10 million voters.

Privacy campaigners Open Rights Group say the Conservative Party “racially profiled 10 million voters,” discussed the risk of the method becoming “the basis for voter suppression techniques,” and highlighted the practices of Tory Zac Goldsmith’s 2016 London Mayoral campaign, when he was criticised for ethnicity-targeted leaflets aimed at Hindu, Sikh and Tamil voters.

The Conservative party did not respond to openDemocracy’s request for comment, and would not tell us how this data was used. There is no evidence to suggest that the party used the information in any specific way in the 2019 election.

Why racially profile?

Speaking to openDemocracy, Labour MP Clive Lewis said that the revelation that the Conservatives had been collecting such data “set alarm bells ringing”.

“One element of the crisis of democracy is large corporations using big data not just to mine our human experience for profit, but also increasingly, with sympathetic political forces, to game and undermine our democracy.

“We saw it with Cambridge Analytica; we’ve seen the same tech utilised by the US Republicans to racially profile and then suppress the votes of people of colour – voter groups they see as ‘hostile’.

“To therefore know one of the most openly and avowedly racist Tory parties in living memory is collecting such data must set alarm bells ringing. Especially given its proximity to other areas of the Trump/Republican electoral playbook.”

Jim Killock, executive director of the Open Rights Group, agreed, saying that “Racial profiling can be used for many things, but most worryingly as the basis for voter suppression techniques”. This is one reason, he said “why consent is required for these details to be used”.

Did the Tories break the law?

Killock also criticised the Information Commissioner’s Office for failing to crack down on the Conservatives. “Just as worryingly,” he said, “the ICO has not explained whether the Conservatives have broken the law”, adding that political parties have been relying on a special ‘political engagement’ exemption to data protection rules, but saying that there’s a lack of clarity about how far this goes.

The ICO notes that the Conservatives used data bought from commercial suppliers rather than getting information directly from the people the data is about – which raised particular concerns around people’s “right to be informed” under data protection laws.

The report was stark about data sharing and data collection across parties: “there is a risk that data used for political profiling is being processed unlawfully,” the Commissioner’s Office said.

Other parties criticised

The Commissioner’s report notes that Labour had previously sourced other onomastic data, but stopped after new data protection laws were introduced in 2018, as they “could not justify its lawful use”.

The report found that the Conservatives, Labour and Liberal Democrats all supplemented the electoral register (which they are automatically entitled to access) with commercially-bought data.

“Labour only sourced data from one supplier;” the report says “who used information about individuals aggregated from multiple sources, or otherwise enhanced, to build individual profiles.” The Labour party didn’t respond to openDemocracy’s request for comment.

Information Commissioner Elizabeth Denham called their research “one of the largest and most complex [investigations] ever carried out by a data protection authority”. Since February 2019 her office has completed a “data protection audit” of seven political parties: Conservatives, Labour, Lib Dems, DUP, SNP, UKIP and Plaid Cymru.

"Overall, the audits found only a limited level of assurance that processes and procedures were... delivering the necessary data protection compliance,” wrote the report’s authors.

They also reported that the pregnancy advisory service Emma’s Diary, who were fined £140,000 for illegally selling data about young mothers in marginal seats for use by the Labour party in the 2017 election, have now paid their fine. Labour used the information to mail information on their Sure Start policies.

The report expresses particular concern around parties that conduct profiling dependent on data sourced from data suppliers, rather than the individuals themselves: “there is a risk that data used for political profiling is being processed unlawfully."

The report also shows how the different parties organise, with Conservatives and Lib Dems outsourcing much of the work, while Labour do it in-house. All, though, have significantly increased their online presence: the percentage of party political advertising budgets spent on digital campaigns increased from 1.7% to 42.8% between 2014 and 2017.