Labour Party spied upon its members

And, allegedly, did so by violating the EU’s General Data Privacy Regulations in connivance with Twitter and Facebook:

A leaked internal Labour Party report has hit the headlines because of lurid statements allegedly made by staff. What has been missed however, receiving barely any coverage, is an apparent admission that, using a secret deal with Facebook and Twitter, the Labour Party has been running automated surveillance on its own members. If true, this is manifestly unlawful – each member affected would almost certainly have a valid claim in damages under Data Protection legislation.

In the furore about the leaked Labour report, many commentators have focused on the supposedly racist, sexist, and / or ableist remarks. There is also the apparent dishonest treacherous plotting. It is important to remember of course that this report was produced by a bitterly infighting party and its contents are disputed. Former staff who were criticised claim that accusations about their conduct were never put to them.

Labour had automated software that reconciled its privileged access to Twitter and Facebook data with their membership database to identify and monitor member accounts.

It is worth turning to the Data Protection Principles set out in the Data Protection Act 1998, which was in force at the time (replaced by the EU General Data Protection Regulation and Data Protection Act 2018 in May 2018). The principles were set out in section 4 (archive) and Schedule 1 (archive).

Of especial relevance, these principles included processing data, “fairly”, holding data that was “not excessive”. Fairness usually means notifying members of the way their data will be used. A quick glance at Labour’s current terms on its, ‘Join’ page does say that email addresses will be used to contact members. It says nothing about consenting to Orwellian real time monitoring for wrongthink.

Furthermore, on the topic of fairness, it is alleged that the Governance and Legal Unit deliberately hid aspects of the project from the Labour Party’s supreme body, the NEC. It is alleged that Sam Matthews, a Compliance Officer, stated – “we don’t want the NEC to have much of an idea how many there are to review (we’re worried they’ll get scared)”.

Volunteers were used to review the data produced by the automated scan, including 10 Labour Students. Two were from pro-remain group, “Britain Stronger in Europe”. The program would scan for juxtapositions of wrong or abusive terms and the Twitter handles of Labour MPs. That is, for tweets likely to be rude tweets directed at Labour MPs. However, it only included a subset of Labour MPs. Some MPs were not included for protection. Whilst the report alleges that this was factional, the reason does not really matter. Personal data linked to members and MPs was apparently processed in a manifestly unfair way, with oversight and disclosure intentionally thwarted….

This is probably the most sinister thing I have ever seen ever out of Big Tech. A major political Party, conspiring with the world’s two largest social media companies, to scan its members feeds and expel or suspend them for “incorrect” views. I would say it should be against the law but of course it is.

It’s long past time for European countries to follow the wise lead of China and Russia by banning systematically lawless technology companies like Twitter and Facebook. And the allegation that Twitter is guilty of violating the GDPR is strongly supported by the fact that it responded almost immediately to the author’s email, in contrast to the smug silence with which it greets most emails from its users.

“Twitter disputes the factual characterizations and legal conclusions in your email and your draft blog post. We reserve all rights and defenses.”

Ooh, they reserved their rights and defenses? So intimidating! As if Twitter wants to get within one thousand miles of a European court investigating their GDPR violations and data security practices. And Twitter is very far from the only US-based tech company to be suspected of serially and systematically violating GDPR as well as other data privacy laws.

But they’ll have their chance to defend their practices, as they have already been reported to the Information Commissioner by the author.