Political parties can be fined up to 5 percent of their annual budget for “deliberately influencing, or attempting to influence, the outcome of elections by taking advantage of breaches of data protection rules. This is separate to other penalties they could face.
According to the European Data Protection Board, political parties, political coalitions and candidates increasingly rely on personal data and sophisticated profiling techniques to monitor and target voters and opinion leaders.
In practice, individuals receive highly personalized messages and information, especially on social media platforms, on the basis of personal interests, lifestyle habits and values.
Predictive tools are used to classify or profile people’s personality traits, characteristics, mood and other points of leverage to a large extent, allowing assumptions to be made about deep personality traits, including political views and other special categories of data.
The extension of such data processing techniques to political purposes poses serious risks, not only to the rights to privacy and to data protection, but also to trust in the integrity of the democratic process.
The Cambridge Analytica revelations illustrated how a potential infringement of the right to protection of personal data could affect other fundamental rights, such as freedom of expression and freedom to hold opinions and the possibility to think freely without manipulation.
European Parliament Civil Liberties, Justice and Home Affairs Committee Chair Claude Moraes said, “These new rules are an important step in the right direction and will introduce financial sanctions on European political parties that deliberately infringe data protection laws or attempt to influence elections. Some of the proposals in the European Parliament’s resolutions adopted in October last year, called for full audits and new measures to prevent the interference in elections.”
Mr. Moraes also stated that “We also need to move forward with the e-Privacy Regulation, which is much needed to protect the privacy of communications data, building on the protections of the GDPR for personal data,” he said. “Progress is being made, but more action is needed to fully protect citizens’ privacy and restore trust and confidence in our democratic systems”
Independent auditors have been appointed to carry out “verification procedures” to determine whether breaches of the EU General Data Protection Regulation are linked to political activities and what influence they have had on the outcomes.