The Conservative iPhone app and the DPA

I’m an iPhone app developer. I’m interested in new apps that do interesting things. I also have an interest in data privacy. So when I heard that the Conservative Party had launched an app with a canvassing feature, I thought I should try it out.

Call A Friend

Here’s how it works. Imagine that a Conservative voter – let’s call him Peter – wants to campaign on behalf of the Conservative Party. He installs their app, and taps the “Call a friend” button. He sees some brief instructions, and taps “Continue”.

[Screenshots: app home screen; “Call a friend” intro text]

Peter then sees a list of everyone in his iPhone’s address book. He decides to call a friend – let’s call him Bob – to talk about the Conservatives. Peter taps on Bob’s name in the list, and sees Bob’s contact details.

[Screenshots: address book list; person details]

Peter taps on Bob’s phone number to call him. They have a nice chat about the Conservatives. Despite Peter’s best efforts, Bob politely indicates that he’s intending to vote for Labour in the upcoming election.

After the call, Peter re-opens the app. He sees a screen with Bob’s name, address and postcode filled in from his address book. He adds any notes from the call, and indicates Bob’s likely voting intention.

[Screenshot: submit your friend’s details]

Peter then taps “Send email”. The app creates a new email to callafriend@myconservatives.com. Peter sends this email to the Conservatives. Bob’s voting intention is now displayed below his name in the app’s “Call a friend” list.

[Screenshots: send email; address book list with updated voting intentions]

When I first saw this process, I thought it seemed a little odd. Normally, when you give out your personal details, it’s made clear how these details will be used, with a privacy policy and an opportunity to say “yes, I agree”. I couldn’t see any of this in the Conservative Party app. And in fact, it’s not Peter’s details being submitted – it’s Bob’s. Who doesn’t get a say in it at all. I decided to read up about the Data Protection Act, to find out more. After some reading, I also called the DPA helpline with a few questions.

Processing

The DPA applies whenever someone stores or uses your personal information (the Act calls this “processing” your data). From what I’ve read, if the Conservative Party are storing Bob’s name, address and voting intention in an email mailbox, or using it to help with local campaigning, then this would count as processing his data, and so the Data Protection Act would apply.

Transparency

The Act requires you to be open, honest and transparent about how you use someone’s personal data. The nearest the app gets is to say that “this data will be used to help with our local campaigning”. I’m not sure that qualifies as “transparent”. Will Bob be getting a letter in the post from his local Conservative candidate to try and change his mind? Will Number 1, High Street, Anytown be getting a personal visit to persuade Bob to vote Conservative?

Moreover, this text is displayed to Peter, not Bob. In fact, the Conservative Party can’t be open and honest with Bob about its intended use of his data, because they don’t ever speak to him. Nonetheless, they may be storing and processing Bob’s personal information in their mailbox. According to the DPA helpline, as recipients of the data, the Conservative Party would have a responsibility to ensure that Bob is notified as to how his data will be used.

Privacy Notices

I decided to investigate this need for notification in more detail. The Act requires you to provide a privacy notice, saying how you intend to use the information you gather. I had a good poke around in the app, but I couldn’t find a privacy notice anywhere within it. I looked on the websites mentioned on the app’s App Store page, but neither myconservatives.com nor conservatives.com had a privacy notice for the app either. I tried the “app support” link on the App Store, but this just took me to the home page of Deluxe Entertainment Services Group. I’ve no idea who they are, but their site didn’t even mention iPhone apps, let alone a privacy notice for the Conservative Party app.

Consent

I read more. In order to process someone’s personal data, you must meet at least one of several conditions. For this app, it looks as though the relevant condition is that Bob has given “consent to the processing”.

However, the app doesn’t ask Bob for his permission at all, let alone check whether he has given his consent. The app doesn’t even ask Peter if consent was given, and doesn’t provide any guidance as to how Peter should approach Bob when he calls. By the looks of it, it is entirely Peter’s choice as to whether he even mentions the fact that Bob’s data will be sent on.

Summary

So what does this all mean? Well, if my understanding of the DPA is correct:

  • It’s possible that personal data is being stored or processed by the Conservative Party, without them having any contact with the person whose data is being processed
  • There is no verification that the data is provided with the consent of the person that data refers to
  • The app doesn’t give a clear indication of what the data will be used for
  • Neither the app nor its supporting web sites contain a privacy notice describing how the data may be stored and used
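As an added illustration (not code from the Conservative Party app or from this post), here is a small Python model of the “Call a friend” submission step with the controls the summary above finds missing built in: the outgoing record is limited to the fields the post says the app collects (name, address, postcode, voting intention, notes), a consent record naming the data subject must exist before anything is built, the caller must have been shown a purpose statement, and the consent provenance travels with the record so the recipient can tell the friend how their details were obtained. The purpose notice text, the sample address-book entry and all names are constructed for the example.

```python
"""Consent-gated, field-minimised submission for a 'call a friend' canvassing flow.

Added example: models the privacy controls the post says the real app lacks.
Nothing here is the app's own code or message format.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Fields the post says the app submits; anything else in the address-book
# entry (phone number, email, birthday, ...) must stay on the phone.
SUBMITTED_FIELDS = ("name", "address", "postcode")

# Hypothetical purpose statement shown to the caller before they can confirm consent.
# The real app only says "this data will be used to help with our local campaigning".
PURPOSE_NOTICE = (
    "Your friend's name, address, postcode and stated voting intention will be "
    "stored by the party and used only for local canvassing. The party will tell "
    "your friend how it obtained these details."
)


class ConsentError(ValueError):
    """Raised when a submission lacks the consent record the DPA condition needs."""


@dataclass(frozen=True)
class ConsentRecord:
    given_by: str        # the data subject (Bob), as confirmed by the caller
    confirmed_by: str    # the caller (Peter) who relayed that confirmation
    at: datetime         # when consent was confirmed
    notice_shown: bool   # caller saw PURPOSE_NOTICE before confirming


@dataclass(frozen=True)
class Submission:
    name: str
    address: str
    postcode: str
    intention: str
    notes: str
    consent: ConsentRecord


def minimise(contact: dict) -> dict:
    """Keep only the declared fields of an address-book entry; drop everything else."""
    missing = [f for f in SUBMITTED_FIELDS if not contact.get(f)]
    if missing:
        raise ValueError(f"address-book entry lacks required fields: {missing}")
    return {f: contact[f] for f in SUBMITTED_FIELDS}


def prepare_submission(contact: dict, intention: str, notes: str,
                       consent: Optional[ConsentRecord]) -> Submission:
    """Refuse to build a record unless consent is recorded for this data subject."""
    if consent is None:
        raise ConsentError("no consent recorded for the data subject")
    if not consent.notice_shown:
        raise ConsentError("caller did not see the purpose notice before confirming consent")
    if consent.given_by != contact.get("name"):
        raise ConsentError("consent record does not name the data subject")
    if not intention.strip():
        raise ValueError("voting intention must not be empty")
    return Submission(**minimise(contact), intention=intention, notes=notes, consent=consent)


def render_email_body(sub: Submission) -> str:
    """Plain-text body carrying the consent provenance alongside the data."""
    return "\n".join([
        f"Name: {sub.name}",
        f"Address: {sub.address}",
        f"Postcode: {sub.postcode}",
        f"Voting intention: {sub.intention}",
        f"Notes: {sub.notes}",
        f"Consent: confirmed by {sub.consent.confirmed_by} on behalf of "
        f"{sub.consent.given_by} at {sub.consent.at.isoformat()}",
        f"Purpose shown to caller: {PURPOSE_NOTICE}",
    ])


# Constructed sample address-book entry; the phone and email must never be submitted.
SAMPLE_CONTACT = {
    "name": "Bob Example",
    "address": "1 High Street, Anytown",
    "postcode": "AA1 1AA",
    "phone": "+44 1234 567890",
    "email": "bob@example.invalid",
}


def demo() -> str:
    """Build one consented submission from the sample contact and render it."""
    consent = ConsentRecord("Bob Example", "Peter Example",
                            datetime(2010, 4, 9, 17, 0, tzinfo=timezone.utc), True)
    sub = prepare_submission(SAMPLE_CONTACT, "Labour", "Happy to chat, firm Labour voter", consent)
    return render_email_body(sub)


if __name__ == "__main__":
    print(demo())
```

The point of `minimise` is that the address-book entry is never handed to the mailer whole: the phone number and email address the app can read are not in the record that leaves the device, so the party cannot later use them for purposes the caller was never told about.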

I should stress that I don’t know if or how the Conservative Party are storing or processing the data from these emails (although I have contacted them to find out, and will post again when I hear back). I would be very grateful if anyone with experience of the Data Protection Act could confirm if my reading of the Act is correct.

Disclosure: I’m not a member of, or affiliated to, any political party or organisation. I’m just bothered about people’s privacy.

UPDATE: 9 April 2010, 5:49pm

The Conservative Party app’s App Store description has been updated to say the following:

When using the “Call A Friend” feature, please confirm that you have the consent of the friend or relative whose details you are passing on to us. The Conservative Party will inform your friend or relative how it obtained his or her details. Information obtained by the Conservative Party from this App will not be used for electronic mailing purposes.

This change went live within the last half an hour.

UPDATE: 9 April 2010, 6:02pm

This updated App Store description is an improvement. However, it’s still not clear how Peter should confirm that he has the consent of the friend or relative. Is he meant to put this information in the “Notes” section of each and every submission? If so, maybe the App Store description could be updated to make this clear.

Aside #1: I wonder if the app itself will be updated, so that anyone who has already downloaded the app will also get a chance to see this message?

Aside #2: The message about not using information for electronic mailing purposes is a bit superfluous, given that Bob’s email address isn’t part of the data gathered.

UPDATE: 9 April 2010, 6:10pm

Re-reading the new App Store text: while this text mentions what the information won’t be used for, it still doesn’t say what it will be used for. Would be good to know.

47 thoughts on “The Conservative iPhone app and the DPA”

  1. Wow! That was a really interesting and insightful piece. Thanks for sharing and forewarning others who may have installed this shady piece of kit. It makes you wonder how it got through the Apple approval process

  2. This is to do with UK politics… so I have no expectation whatsoever that the data will be stored according to the DPA principles.
    I’m a UK citizen, so I know.

  3. I don’t call myself an expert on the DPA but your conclusions match my working understanding of the Act.

    Rob Jewitt – I admit to knowing nothing of the Apple approval process, but it seems a bit much to expect them to be interested in foreign (ie non-US) information security concerns.

  4. Actually, I suspect the correct analogy is to the way mailing lists are bought and sold. I sure don’t get asked before a mailing list with my details is sold, and I don’t get a notice from the buyer.

    No, we don’t have that much control of the use of our details on other people’s systems.

  5. T no, but you should get asked whether you want to be put on to the mailing list and if so whether that information can be shared with 3rd parties – that isn’t being done here.

  6. Could you use the app to pass on the voting intentions of a fictitious name at your address (or one of a willing friend) and see what material arrives for that name?

  7. You DO have to opt in to having your details bought and sold on mailing lists.

    That’s why every time you give a company your address, there’s a tick box to opt out of mailings from them and then another to opt out of mailings from “selected third parties”, i.e. people we sell your details to. If you tick the latter box, your details don’t get sold on.

  8. So, the data is submitted by e-mail, and the format of the e-mail is clear to any user of the app?

    Wow – let’s just hope this doesn’t get abused

  9. T – As I understand, mailing list information is gathered from subscription databases, credit applications, competition entry forms and the like. BUT – unless you give your permission for your data to be passed on, it cannot be sold on to third parties or used for advertising. You must have forgotten to tick a box / ticked the wrong box somewhere down the line.

  10. I wouldn’t call myself an expert on DPA, but I am involved in a lot of online marketing projects and from what I know this sounds right.

    Personally identifiable information is being passed without the person’s response. Even if the processing is automated and the detail deleted – which I doubt very much, or what would be the point obtaining it?

    Has anybody checked to see if the data is being sent in a secure manner? (ie encoded) If it’s in plaintext then that’s potentially another breach.

    @T – If you haven’t given your permission (and that should be a positive act, not just not doing something) then the owner of the list is breaking the law by passing your details on. What’s more, this is more than just contact information, your voting intention could well be considered to be sensitive personal information.

  11. @Martin Burns: I did look into the sensitive personal data angle, but I think there’s a get-out clause for political organisations:

    “The processing is carried out in the course of its legitimate activities by any body or association which is not established or conducted for profit, and exists for political, philosophical, religious or trade-union purposes”

    …so I don’t think the extra conditions of sensitive personal data apply in this case.

  12. @ T
    I don’t think the analogy with mailing lists is correct. With a mailing list you will have, at some point, allowed them to store your personal information (a checked or un-checked tick box somewhere). In this case the details will have (most likely) been given to the canvasser in a limited manner (ie the assumption that the person receiving the details will not sell them to a mailing list) and so to use them for anything other than the limited scope granted is to break the DPA.

    To summarise: unless your friend gets your *express* permission to pass on your details to third parties (in this case the Conservative Party) they are breaking the law. Additionally the Conservative Party will be breaking the law if they fail to put in place proper safeguards for your information in that email account: ie they must authorise explicitly every person who sees that list.

  13. Good post Dave. You demonstrate more understanding of the DPA than most political parties/businesses!

    I’ve a fairly good knowledge of the DPA (I work in marketing & have to abide by it). What is described here seems to clearly contravene the DPA. If you’re gathering someone’s personal data via a 3rd party you would get the 3rd party to confirm they have permission (ie Peter must confirm he has Bob’s consent to pass Bob’s data on).

    The Info Commissioner would decide whether they are being clear about the use to which the data will be put. He would probably decide on ‘reasonableness’ ie what would you reasonably expect given how it was explained to you when you provided the data.

    Political parties often flout the DPA. In 2008 the Liberals ran unsolicited automated cold telemarketing (which would be illegal for other organisations). They got their knuckles rapped (http://is.gd/blLcC) Labour have been caught too (http://is.gd/blLjH)

    (Disclosure: I’m not affiliated to any party)

    Comment 4 T: The mailing list analogy is not correct. List sellers don’t have to ask permission every time they sell your details and list buyers don’t have to notify you of purchase either. List sellers either have your permission to use your data or they don’t. There is no volume restriction. They most likely got your permission by you not ticking an opt out when you complete a guarantee card or maybe you appear on the unedited electoral register which the council has then sold on. Or you signed up for something you wanted and didn’t check the small print which gave them permission to ‘pass data onto carefully selected third parties…’

  14. I think you are mistaken in assuming that, in all circumstances, the data subject has to give approval for holding data. There are 6 principles which apply to the right to hold and process personal data, and they are not all required – the minimum is one of them (to hold sensitive personal data, then there are further principles).

    For instance, the following might apply.

    Processing is necessary in order to pursue the legitimate interests of the “data controller” or “third parties” (unless it could unjustifiably prejudice the interests of the data subject).

    Most marketing call list would fall under this. Yes, there are some things you can do as an individual on this (systems such as the TPS), but they are often semi-regulatory or not covered by the DPA but rules such as those provided by Ofcom on call centres.

    Of course it would be odd if all uses of personal data had to be personally approved. For instance, there are credit histories which you have a right to see and get corrected, but not to approve.

    The DPA is a complicated thing, and there are all sorts of other rules that apply. In the case of elections, all political parties will have access to names and addresses via the electoral roll and will often handle such data.

  15. @Steve Jones: You’re right, only one of those six conditions has to be met, and it won’t always be the one about consent. As I say, I’m no expert on the DPA, but my understanding is that the other conditions wouldn’t apply in this case. I may be wrong.

  16. I’ve done more digging re: exemptions & ICO gives specific advice for political parties here:
    http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/promotion_of_a_political_party.pdf

    Section 7 specifies use of ‘viral’ data gathering. Oops, looks like they *should* have asked for specific consent from the person passing on the data if they are doing SMS or email campaigns (it doesn’t specify direct mail or phone calls so that is maybe a grey area?)

    Best give them enough rope, sorry, a dummy contact & see what they do with it?

  17. @Alex: My understanding is that when you report a problem, the report goes to Apple. However, Apple only tend to intervene if the app breaks Apple’s rules for app submission. From a quick read of the developer contract, I don’t think that the app would do so in this case.

  18. @Steve Jones

    I have never seen the legitimate interests principle used for marketing purposes (in c.20 years).

    You would *always* get consent.

    Years ago on a DPA course the example they gave for ‘legitimate interest’ was if I were selling you a car (eg I must pass your details onto DVLA).

  19. I work in IT in a company that does a lot of dealing with the public. We get compulsory DPA training every couple of years – that doesn’t make me an expert, but I do understand something of the realities.

    The DPA does not mean people have a veto over what data is held about them or even what it is used for subject to certain principles. There are rules, codes of practices and other laws that apply.

    Of course that doesn’t mean this system fully complies to the DPA – that would take a complete audit, but what’s on this page is not sufficient to say it doesn’t. It might not be good PR, but that’s a different issue.

  20. @Gill: Great find on that PDF link! Section 7, while relating to email, SMS and MMS, still makes the principles pretty clear around collecting other people’s data.

  21. @Tom Hughes: The phone calls might be considered “domestic” under the DPA, because they are being made by the individual to his friends, and not being made by the Conservative Party itself. If so, they might not require screening against the TPS. I’m not sure though – I didn’t research that particular angle.

  22. You obviously didn’t read the “info” before downloading the app.

    When using the “Call a Friend” feature, please confirm you have the consent of the friend or relative whose details you are passing onto us. The Conservative Party will inform your friend or relative how it obtained his or her details. Information obtained by the Conservative Party from this App will not be used for electronic mailing purposes.

    I think that covers the DPA.

  23. @Chris Mills Interesting! That information has only been added to the App Store description within the past half an hour or so. I wonder if this post had anything to do with it.

  24. @Gill

    I’ve certainly seen such use of personal data without personal approval (for sales and marketing). Think of all those cold calls trying to sell you new gas deals or the like. Nobody I know of signed up for that (hence the TPS which companies now get round by describing their calls as a “marketing survey” or calls from off-shore).

    In fact the guidance to political parties explicitly allows for unsolicited telephone calls (but they must comply with TPS – this one they might have trouble with, although as this is a “call from a friend” it might slip under the radar, but if canvassers are using this then they might be wise not to push their luck this way).

  25. You could be right there.

    What is more alarming to me is the Phone Bank in Labour’s iCampaign. How are they distinguishing between Labour members and non-members in providing access to this feature?

  26. @Steve
    Sorry I wasn’t being clear. I didn’t mean you’d get consent pre-every call. But to use the data for calling, you’d have to have permission to use the data (as you would for a mailing list). It’s not so much that you’ve signed up for the calls but rather you have not opted out of them at whatever point your data was initially gathered.

    And you would check calling lists against TPS (if trying to remain legal/ethical). I agree the inbound international calling is an obvious loophole for unscrupulous callers. And people will always try to circumvent rules by doing ‘surveys’ I guess. I once had someone cold call me about a mortgage – which is definitely illegal!

    The (friend to friend) calls here are not covered by DPA I wouldn’t think. But calls subsequently made by Tories to Bob would be covered (though they don’t seem to be gathering phone numbers – only name & addresses – though that doesn’t stop them tracing the numbers…)

  27. I should emphasise I’m not politically affiliated (I studied physics and therefore don’t do or understand politics or politicians). However, for those interested, the ICO has served DPA compliance notices against political parties in the UK in the recent past. There’s a couple of recent ones on the bottom of this page

    http://www.ico.gov.uk/tools_and_resources/document_library/privacy_and_electronic_communications.aspx

    I’m sure if you look back in history you will find all the political parties represented.

    To take a controversial point, then I think we have to be very careful about putting even more constraints on political canvassers and activists. It might be annoying, and despite it not being my thing, legitimate access from political activists to members of the public serves democracy in my view.

  28. For me, the worst thing about this is the attempt to persuade people to betray friendships by snitching on the political affiliations of their friends. Personally, even if someone were to let me know what they were doing when they called, I’d still be slightly offended and hurt that they’d thought that I might have agreed to go along with it.
    If I was wearing my tin-foil hat, I’d be tempted to start drawing analogies with 1984.

  29. You make some good points, but one that I think both you and the above comments miss is the special exemption there is for canvassing: if you canvass someone and ask for their voting intention, you can (with various safeguards) record and use that data without having to get explicit permission at the moment of gathering in the way that you would have to do via other means.

  30. @Mark Pack: can you give more information? My understanding is that political parties still have to comply with the DPA when collecting personal data via a third party in this way. What exemptions does the DPA allow when canvassing? Could you post some links?

  31. @Dave: didn’t have the legal reference with me when commenting, but have got it now.

    The (partial) exemption comes from Schedule 3 of the 1998 DPA which gives power to the Secretary of State to make orders relaxing the rules to do with processing sensitive personal data ( http://www.opsi.gov.uk/acts/acts1998/plain/ukpga_19980029_en#pt1-l1g4 )

    The order is at http://www.england-legislation.hmso.gov.uk/si/si2000/20000417.htm and contains provisions related to matters such as fighting crime (e.g. you don’t have to ask a suspect their permission to process data to try to put together a prosecution).

    It also includes a provision for political parties (see clause 8). This removes the need for prior consent if the processing is done by a political party in pursuit of its legitimate activities and instead says that people can opt out and such requests must be honoured.

    I think the origins of this rest with the practicalities of someone on the doorstep canvassing you and recording your answer. Rather than requiring an extra consent at that stage, the law lets political parties record and use the information, but with the proviso that opt outs must be honoured.

  32. Somewhat paranoid. Most of the address data is available to the general public in the form of phone directories and electoral registers. Your name and address are boring. Marketing companies and NPOs already have your address; what they’re interested in (and what you opt-in to share) is interesting stuff, like your previous purchase history. Or your voting intention.

    I’d suggest that the datum that isn’t available (voting intentions) is the only thing that is under discussion, here. These data may not be publicly available, or may not be available to the parties.

    I believe that these are covered under the exemptions set out by the information commissioner.

    Trying to persuade one’s friends that one’s political views are valid and admirable is hardly a crime. If it were, most bloggers and commentators would be in breach. I imagine a phone call from or a pub conversation with a Tory friend trying to persuade you how to vote might be annoying. But it would be entirely legitimate.

    Furthermore, attempting to discover the voting intentions of one’s friends is at worst socially clumsy, but it’s hardly suspicious activity.

    And (as a private individual) your friend would be unlikely to be covered by the DPA. What s/he chooses to do with the data you supply is – more or less – up to them.

    The only thing that I can find fault with is the use of email to channel personally-identifiable data. But it would be grotesque hypocrisy to claim that any of us is innocent when it comes to sending compromising data through the same channel.

    This is all a bit of a storm in a teacup; amplified by the digerati’s love/hate relationship with privacy issues. It’s hardly like they’re using the exemptions under the rules of canvassing to attempt to market to direct marketing opt-outs, now, is it?

  33. @Mark Pack: Thanks for the info! It certainly sounds as though sensitive personal data (schedule 3) has political exemptions, and I didn’t cover this in my original article as a result. But my understanding is that you also have to satisfy at least one of the conditions from schedule 2 in order to process any personal data. So sensitive data such as voting intention would be allowed in this case, as long as one of the schedule 2 conditions is also met. I may be wrong, but it looks as though the only relevant condition in this case is the one about consent. Your thoughts?

  34. @Mat Morrison: In this example, I don’t think Peter has to comply with the DPA, because the data he holds is counted as being held for “domestic” use. But if it is passed to the Conservative Party to assist with local canvassing, then they have a duty to ensure that it is gathered and processed in accordance with the DPA, even though it was submitted by a third party.

    My understanding is that political parties can send out one piece of personally-addressed mail to anyone on the electoral roll during an election campaign. That’s very different from building their own database through third-party marketing.

  35. @Mark Pack: Thanks for the extra info. Out of interest, which part of condition 6 applies in this case? Is it 6.1 (“necessary for the purposes of legitimate interests”), or 6.2 (“The Secretary of State may by order specify particular circumstances”)?

    If it’s 6.1, is the collection of this data really “necessary” (not sure of the legal meaning of that term)?

    If it’s 6.2, I thought that the “political party” exemption you mentioned before was used for Schedule 3 (aka condition 4.a.i) and therefore couldn’t also be used for Schedule 2? As mentioned before, I’m not an expert, but I thought the same condition couldn’t be used for both schedules.

  36. Even if Peter (to use the example) does get Bob’s permission to pass his data on, when did Peter agree to be an agent of the Conservative Party – maybe downloading the app in the first place is sufficient?

    Plus… sending plaintext e-mail with names and addresses in violates DPA too – it has to be sent securely, and plaintext e-mail just ain’t secure.

    And, is there a legal angle against Apple for allowing a potential law-breaking app to be sold in their online store?

  37. I think there’s a way the conservatives can get some honest and valuable data that they can then process without even using the names and addresses, thus staying clear of any perception of ‘evilness’.

    Just keep tabs of say, how much time did you spend talking with a close relative about the what. not reveal names. how much time with a senior citizen relative? etc…

    make it about the user and the user’s perception and keep track of how many conservatives HE/SHE knows.

    now, why would any normal person just want to have a list of their friends and relatives party affiliation is BEYOND ME.

  38. Interesting information about the DPA. As an aside, UK parties used to collect voter intentions for forecasting and also so local party activists could remind those who hadn’t voted (and had stated they would) by knocking on their door late on polling day. This app would provide that information. I don’t know whether this still happens as it’s many years since I’ve been interested in politics, but we used to do that. I know this is only a minor part of what parties can do with the information.

