Europe’s data regulator has imposed its first penalty on an EU institution for taking enforcement action against the European Parliament’s use of products from NationBuilder, the US digital advertising agency, which is used to process voter data ahead of spring elections,media TechCrunch reported.
NationBuilder is a veteran company in the field of digital advertising campaigns – in some markets, digital advertising campaigns are almost everywhere. But in recent years, European privacy regulators have questioned whether all of its data processing activities comply with regional data protection rules in response to growing concerns about election integrity and data-driven voter online manipulation.
The European Parliament has used NationBuilder as a data processor for public engagement to promote voting in the spring election, which runs through a website called thistime.eu. The website collected personal data from more than 329,000 people interested in the EU election, which was processed by NationBuilder on behalf of parliament.
As noted in its press release, “in view of the company’s previous disputes,” the European Data Protection Authority (EDPS) began its investigation in February 2019 and took the initiative. Parliament was found to have breached regulations on how eu regulators could use personal data relating to the selection and approval of subprocessors used by NationBuilder.
Law enforcement action was not made public until a hearing earlier this week. At the time, Assistant Head of Data Protection Wojciech Wiewi?rowski mentioned the matter in a question-and-answer session in front of the Ministry of Environmental Protection.
He called the investigation “one of our most important cases of the year” but did not specify the data processor. He told MEPs: “Parliament cannot establish a real audit of those who deal with it. “Both parties have no control over how the contract is completed. He added: “Fortunately, there was no adverse data, but we had to terminate the contract to delete the data.” “
When TechCrunch asked EDPS on Tuesday for more details about the case, a spokesman told us that the matter was “still ongoing” and “in the process of being finalized” and would be communicated as soon as possible.
The comment provided by Wiewi-Rowski reads:
The EU parliamentary elections come after a series of election controversies within EU member states and other countries that revolve around the threat posed by online manipulation. Strong data protection rules are essential to democracy, especially in the digital age. They help to increase trust in our institutions and democratic processes by promoting the responsible use of personal data and respect for individual rights. With this in mind, from February 2019, EDPS has taken positive and decisive action in the interest of all individuals in the EU to ensure that the European Parliament adheres to the highest standards in the collection and use of personal data. It is encouraging to see good cooperation between EDPS and the European Parliament in the course of this survey.
The regulator said it would “continue to examine parliamentary data protection procedures”, indicating that the European Parliament had completed its intention to notify individuals of their intention to retain the personal data collected by the whistleblower website until 2024. It also warned: “The results of these checks may lead to other findings.” He added that it intended to complete the investigation by the end of the year.
Asked about the case, a spokeswoman for the European Parliament said the move was aimed at encouraging EU citizens to participate in the democratic process and that it used digital tools and traditional campaign ingenuity to try to achieve that goal.
She said NationBuilder had been used as a customer relationship management platform to support contact with potential voters – by making offers to interested citizens to sign off on parliamentary information about elections, including activities and general information.
Some of the regulatory issues with NationBuilder focus on how to match the data stored in the campaign’s database with publicly available social media data, such as unlocked Twitter accounts or public Facebook.
In 2017, NationBuilder suspended the sale of data matching tools on the market, with the intervention of France’s national data regulator.
Britain’s information commissioner warned last year that political parties should provide privacy notices to individuals whose data is collected and matched from public sources such as social media. “The ICO is concerned that political parties are using this feature without providing sufficient information to those affected, and have not ordered a ban on the use of the matching feature,” the ICO said in its report.
Its investigation confirmed that nation Builder was used by as many as 200 political parties or campaign groups during the 2017 UK general election.