Canada’s Political Party Privacy Hall of Shame
The top privacy breaches of all time by political parties
Political campaigns in Canada aren’t fighting it out in paper and print anymore; they’re online, sending you targeted ads, SMS messages, and sliding into your DMs. To gain an advantage over each other, parties now try to leverage sophisticated data analytics to understand voters – to understand each of us – on an unprecedented level. They collect information from various sources, including social media, surveys, and even public records. The goal: tailoring their campaign messages and advertisements to appeal directly to the hearts and minds of individual voters.
But where should the line between strategic campaigning and invasion of privacy be drawn? It seems that, for political parties in Canada, this line is not just blurred but virtually nonexistent.
Surprisingly, the rules that govern data protection in Canada have a blind spot when it comes to political parties and other campaign organizations. While businesses and government agencies are bound by stringent privacy laws, political parties and nonprofits are not held to the same standard. These legal loopholes allow them to collect, analyze, and utilize our personal information without the same level of accountability that we would expect from business OR government.
So we thought we’d document some of their worst behaviour. Brace yourself for the Hall of Shame Chronicles, as we expose the most egregious transgressions, intrusions and invasive privacy breaches we’ve found yet. These are the kinds of things that can happen when political parties – their candidates, workers and volunteers – are not made legally responsible for the personal data they collect.
Most Cross-Partisan Privacy Blunder:
In 2021, an Ottawa-area MP, Liberal Chandra Arya, apologized to constituents after his office sent the private information of 900 voters to a mailing list of Conservative staffers (!!). You’d think there would be serious consequences for such a major screw-up? Apparently not. The MP faced no punishment for this breach. If a company or government department had a similar breach, they'd face hefty fines or sanctions from the Office of the Privacy Commissioner. But here we are – letting the rules slide for politics—no slap on the wrist, no fines, no rules that protect YOU.
Most Shameless Voter Fishing Expedition:
In 2019, the Conservative Party of Canada mass-texted millions of randomly generated phone numbers in New Brunswick, Saskatchewan, Manitoba and Ontario, telling recipients that gas prices were about to spike due to the looming Liberal carbon tax and urging them to fill up. The party employed unique web addresses for each recipient so they could track not only interest on the topic but also were able to collect personal information, adding unsuspecting individuals to their mailing list without their express consent or knowledge.
Most Uncomfortably Invasive Voter Targeting:
Another incident from the Conservatives involved members of the LGBTQIA+ community receiving an email in 2012 from Jason Kenney, then associated with the federal Conservative Party. The email outlined how the Conservative Party was supporting individuals from the LGBTQIA+ community in Iran, leaving recipients questioning how the party acquired information about their sexual orientation. It was later revealed that the data was collected in 2011 by Kenney's constituency office, raising ethical concerns about the use of personal information by political parties and MPs having such private information at their disposal.
Worst Security around Voter Information:
In a stunning display of negligence, the Green Party earns its spot in our Hall of Shame with a 2023 blunder. Tens of thousands of names, addresses, and birthdates, all publicly available and downloadable on their website, demonstrate a colossal failure to uphold their own privacy policy. Elizabeth May's dismissive response, claiming the information was "misfiled," only adds a layer of incredulity to the Green Party's claim of implementing safeguards against unauthorized use. Welcome to the Hall of Shame, Green Party - where privacy is seemingly filed away with reckless disregard.
Most Casual Attitude to Voter Information Sharing:
In 2017, the British Columbia Liberal Party filed a complaint with the province's privacy commissioner, alleging the New Democratic Party breached privacy protection laws by sharing its supporter list with "politically friendly" groups." This secret arrangement raised serious concerns about consent and the sharing of personal information, including addresses, home telephone numbers, and political affiliation, with third parties. The incident underscored the need for transparency and accountability in the handling of voter information by political parties.
Canada takes the lead in privacy legal loopholes:
Political parties utilize sophisticated data-mining practices to collect sensitive data without individuals' knowledge or consent, casting doubt on the legitimacy of elections. Astonishingly, in provinces like Alberta and every other province except B.C., political parties are shockingly exempt from privacy laws. This exemption allows them to engage in intrusive data collection and analysis activities without facing the same legal consequences that businesses and other organizations would encounter.
For example: The United Conservative Party merger and leadership campaigns saw Albertans wondering why they were receiving calls from candidates or parties. It's all perfectly legal thanks to Alberta's Personal Information Protection Act, which expressly, and shockingly, excludes political parties from the law. The Act also offers no recourse for voters to complain to an independent body about a political party's privacy practices.
The documented transgressions by various political parties in Canada (and many others could be mentioned) underscore the pressing need for a robust framework that holds them accountable for safeguarding citizens' personal information. As the digital landscape continues to shape political campaigns, political parties must be held to the same reasonable standards as private companies when handling personal data.
Currently, they aren’t private companies subject to PIPEDA, our private sector privacy laws, nor are they subject to The Privacy Act, which regulates government agencies' handling of our personal information, political parties are largely left to make up their own rules when it comes to protecting your data and your privacy. It’s long overdue that Canada's political parties are finally held accountable. We need to strike the right balance between effective campaigning and respecting individuals' privacy. This is crucial for maintaining the integrity of democratic processes in Canada.