New Spanish data law could undermine the integrity of democracy

On Wednesday, the Spanish senate gave the green light to an online data protection law which may enable political parties to hit voters with adverts based on profiling of internet search histories.

 In the upper house of parliament in Spain, the new legislation won 220 votes of approval, with just 21 voting against, Phys Org reports.

The law was created as part of the Iberian nation’s efforts to align with the General Data Protection Regulation (GDPR) which came into force on May 25th of this year.

The GDPR aims to give EU-based users more control over their personal data, how it is used and stored. The right to be forgotten and the right to have access upon request to the data which an organisation holds on a data subject, are both fundamental aspects of the new legislation.

Similarly integral is the obligation that the new EU data laws put upon organisations to be transparent. In the event of a data breach, this involves reporting of the incident to the regulator within 72 hours of it being discovered, and then alerting all parties who may have had their personal data compromised as a result, so that mitigating action can be taken.

However, the recent adjustment made to the Spanish laws includes a caveat that enables political parties to “use personal data obtained from web pages and other publicly accessible sources to carry out political activities” throughout election campaigns.

This sits uneasily with the law which says that those who do not want to receive bespoke advertising messages from political parties should be able to have a “simple and free way to exercise their opposition”.

The GDPR could accommodate for the new data collection if appropriate guarantees on data security are in place.

Passage through the senate was the last hurdle for the Spanish law before it could be rubber stamped, following its movement through the country’s lower house of parliament in October.

In firm opposition to the developments, Spain’s Platform for the Defence of Freedom of Information said that the law will enable political parties to put together “ideological profiles”.

“It will allow parties to carry out practices like those of Cambridge Analytica”, it stated, referencing the way in which a UK-based data analytics firm allegedly used swathes of Facebook data to hit floating voters in the US with pro-Trump personalised adverts in the run-up to the 2016 presidential elections.

The Facebook / Cambridge Analytica scandal was a focus aspect of a recent Information Commissioner’s Office report into the use of data analysis in politics.

The study, Democracy Disrupted? brings ethical use of data into question, and asserts the very real need for political honesty if citizens are to have confidence in the integrity of elections themselves.

The research was the subject of a talk held by ICO Deputy Commissioner, Steve Wood at the Data Protection World Forum in London this week, where Mr Wood underlined “the transparency failings the probe had uncovered, and its role in inadequate effective consent online.”

He also recommended “more effective controls in online platforms for behavioural advertising, and emphasised the importance and very clear justification of Subject Access Rights (SARs).”

The Spanish consumer group FACUA and a far-left party, Unidos Podemos, have stated their intention to fight the law in the Spanish Constitutional Court

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.