Resolution on the Use of Personal Data for Political Communication -...
Resolution on the Use of Personal Data for Political Communication - Montreux (Switzerland), 14th to 16th September 2005
[doc. web n. 1170616]
[ doc. web n. 1170546]
Montreux (Switzerland), 14th to 16th September 2005
Resolution on the Use of Personal Data for Political Communication
Submitted by the Italian Data Protection Commission with the support of the Swiss Federal Data ProtectionCommissioner, the Federal Data Protection Commissioner of Germany, the Inspector General for Personal Data Protection of Poland, the Data Protection Commissioner, Berlin
Whereas political communication is a fundamental instrument of the participation of citizens, political forces and candidates to the democratic life and recognising the importance of freedom of political speech as a fundamental right;
Whereas citizenship presupposes the rights of citizens to obtain information and to be adequately informed during political and administrative electoral campaigns; whereas these rights also apply to other topics, events and political positions useful for making informed choices regarding other issues of political life -referenda, selection of candidates, access to information within political organizations or from elected representatives-;
Whereas political forces and in general political organizations, as well as elected representatives, use various means of communication and fund raising, sources of information and new technologies, in order to establish direct and personalized contacts with vast categories of data subjects;
Whereas in a growing number of countries there is a trend towards increasing institutional communication from elected candidates and bodies, including at the local level or through e-government; whereas this activity, sometimes requiring the processing of personal data, corresponds to the rights of citizens to be informed of the activity of the above-mentioned elected;
Whereas in this framework a large quantity of personal data is continuously collected by political organizations, and is sometimes processed with aggressive modalities, applying various techniques including polls, collection of e-mail addresses via software/search engines, city-wide canvassing or forms of political decision making through interactive TV, voter isolation files; whereas these data sometimes unlawfully include (in addition to mailing addresses, phone numbers, e-mail accounts, information related to professional activities and family relationships) sensitive data related to real or supposed moral and political convictions or activities, or to voting activities;
Whereas there is invasive profiling of various persons who are currently classified -sometimes inaccurately or on the basis of a superficial contact- as sympathizers, supporters, adherents or party members, in order to increase personalized communication to groups of citizens;
Whereas these activities must be carried out in a legal and correct manner;
Whereas it is necessary to protect the fundamental rights and freedoms of the data subjects and to prevent, with appropriate measures, unjustified intrusions, damages and costs for the data subjects, in particular negative effects and possible discriminations in their personal sphere as well as their renunciation of some forms of political participation;
Whereas the objective of protection could be achieved taking into consideration the relevant public interests related to some political communication activities as well as adequate modalities and guarantees related to internal communications directed to party members or to common citizens;
Whereas, in this perspective, responsible marketing can be encouraged without limiting the circulation of ideas and political proposals and although political communication sometimes shares many of the characteristics of promotional activity, it has some characteristics that are distinct from commercial marketing;
Whereas data protection law is already applicable to political communication in many jurisdictions;
Whereas there is a need to ensure the respect of data protection principles and develop a worldwide minimum standard which might contribute to the harmonization of the levels of protection of data subjects, using national and international codes of conduct as one of the basis and taking into account specific solutions and rules observed in various countries;
Whereas existing data protection and privacy commissioners could play an increasing role in planning coordinated actions also in cooperation with other supervisory authorities competent in the fields of telecommunications, information sector, opinion polls and electoral activities;
the following Resolution
Any political communication activity, including those not related to electoral campaigns, which entails a processing of personal data, should respect fundamental rights and freedoms of interested persons, including the right to the protection of personal data, and should comply with data protection principles affirmed, specifically:
Data minimization principle
Personal data should be processed only when is necessary to fulfil the purposes for which they are specifically collected.
A lawful and fair collection
Personal data should be collected using lawfully knowledgeable sources and should be processed fairly. It should be verified that, according to the law, some sources are publicly accessible or can be used exclusively for specific purposes or under certain modalities or for a limited occasion or period of time.
Specific attention should be paid in case of aggressive contacting modalities of the data subjects.
Quality of data
The other data quality principles should be respected during the processing. In particular, data should be accurate, relevant, not excessive and kept up to date in relation to the specified purposes for which they are collected, especially when the information is related to data subject´s social or political opinion or ethical conviction.
Personal data extracted from private or public sources of knowledge, institutions or associations can be used for political communication when their further processing is compatible with the purposes for which they were collected and made already known to the data subjects, in particular when data are sensitive. Elected representatives must respect these principles when they use for political communication personal data collected for the exercise of their institutional functions.
Personal data originally collected for marketing activities on the basis of an informed consent can be used if the political communication purpose is specifically mentioned in the consent declaration.
Personal data should be processed only with modalities and operations relevant to the purposes, in particular in case of data related to potential electors or of comparison of data extracted from different archives or data banks.
Personal data, particularly those stored after the occasion for which they were collected, can be further processed if the political communication purposes are in the course of being achieved.
Information to Data Subjects
An information notice, adequate to the communication means chosen, is to be provided to recipients prior to the collection of data from the data subject, specifying the identity of the controller (single candidates; an external campaign manager; local group of supporters or local or satellite associations; the party as a whole; etc.) and the kinds of data flows to be expected among such entities.
The data subject should be informed when data are not obtained from him/her, at least when data are not merely stored temporarily.
It should be verified that the processing of personal data is based on the data subject´s consent or on another legitimate ground provided for by the law. The processing should respect specific rules provided by each country depending on sources or means of communications used, in particular in case of e-mail addresses, fax numbers, SMS´s or other text/picture/video messages and pre-recorded phone calls.
Storage of data and security measures
Each controller -a political force or a single candidate- must take all technical and organizational security measures to safeguard the integrity of the collected information and to prevent data from being lost and/or used by unauthorized persons or entities.
Rights of Data Subjects
Data subjects should be granted their rights of access, rectification, blocking and/or erasure, as well as their right to object to unsolicited communication and to request –free of charge and according to simple mechanisms– not to receive future additional messages. The existence of these rights should be mentioned in the data subject´s notices.
Adequate remedies and sanctions should be provided in case of breaches of these rights.