An illustration of political campaigns sharing voter data.

Political campaigns and your personal data

Share this page

During this American presidential election campaign season, politicians have scored points calling out tech companies(new window) for abusing the personal data of their users. Yet many political campaigns are engaged in very similar practices. 

Political campaigns are now sophisticated data operations that collect mass amounts of personal information from their supporters and potential voters. Their methodology is similar to Google’s or Facebook’s. The main difference is Google uses its data to nudge you to buy something, while political campaigns use their data to nudge you to vote for their candidate.

This blog post will look at how political campaigns collect data on their supporters, what they do with that data, and how secure it is. We will also cover what you can do to keep your data private.

How election campaigns get your data

Almost every modern election campaign hires data brokers to collect data on potential voters. (This report from Tactical Tech(new window) lists case studies from the US, the UK, Chile, Kenya, the Philippines, India, Taiwan, Mexico, and the Dominican Republic.) Political campaigns now rely on data to inform everything they do, from where they campaign to whom they target, even down to the specific wording an ad will use. This thirst for data has not just infected American political parties, but practically every international democracy.

Political campaigns rely on both public and private data. An example of public data includes voter registration records or some types of polls. Campaigns also do large amounts of work to build up stores of private data. They run private polls and surveys and use the party’s proprietary and membership data. They collect this data directly from their supporters and donors with their consent, using sign-up sheets and mailing lists.

A data broker is an independent organization or company that collects, aggregates, and analyzes data from multiple sources. They use different strategies to compile data on potential voters, but they all aggregate both public and private data. Cambridge Analytica infamously collected data on millions of Facebook users. Other data brokers cull publicly available data, such as census records, driver records, and social media profiles, and mix it with consumer and user databases.

Consumer data is exploding thanks to the proliferation of surveillance capitalism. Examples of this type of data includes consumer purchase histories, credit card transaction records, and Internet service provider browsing histories. Data brokers collect much of this data without the voters’ knowledge and they combine it to make extremely comprehensive, and in some cases frighteningly predictive, voter profiles.

The result is that political campaigns have access to truly massive databases. Cambridge Analytica famously claimed(new window) in the 2016 US presidential election that it had 5,000 data points on 240 million Americans. Another data broker that is funded by the Koch family, i360, claims to have 1,800 data points(new window) on over 270 million Americans. 

Finding voters on social media

Political campaigns use this data to build models that predict what will motivate or discourage individual voters. They use this information to make highly specific social media ads that they deliver to targeted groups.

For example, one data broker, Dstillery, ran an independent survey during the 2016 Iowa caucus. They found there was a high correlation(new window) between Iowans who enjoyed grilling outside and Trump supporters. The Trump campaign could have used that information to deliver concentrated “get out the vote” messaging to anyone that had a picture of themselves at a backyard barbecue on Facebook. Similarly, the Clinton campaign could have used this data to send out targeted negative ads. 

What’s the problem?

That political campaigns use data is not new. Polling has been around about as long as professional campaigning, and Barack Obama’s 2008 campaign was praised for its masterful data operation(new window).

However, the amount of data political campaigns have access to, and that data’s sensitivity, has reached new heights. Fueled by the explosion of consumer data and the proliferation of data-collecting devices, the amount of data created worldwide is accelerating at an exponential rate. According to a 2018 Demos report(new window), IBM estimated that 90 percent of the data that exists today was created in the last two years.

Additionally, most people don’t know what information political campaigns have on them. It is one thing if you share information willingly with a political campaign you support. It is another thing if that campaign accesses your data without informing you that they have it or asking your permission. If a political campaign were to ask you for your credit score or your whereabouts for the past week(new window), you’d likely refuse to answer. However, a campaign, through its data broker, likely already has that data on you.

Furthermore, users have very little idea about what campaigns do with their data once it has been collected. It has become standard practice for political campaigns to “rent out” their database. Nearly every candidate that dropped out of the 2016 US presidential election sold, shared, or rented out the data of their supporters(new window) to third parties. These third parties can be other candidates, political action committees, the national political party, or private firms.

In the US, if you give data to a candidate by filling out a campaign survey or questionnaire, they can generally sell or share it without informing you or asking your permission.

Lack of security

The other problem of having these massive databases is that political organizations are not exactly known for their IT security. Everyone has heard of the phishing attack (new window)that compromised Hillary Clinton’s campaign manager(new window) during the 2016 presidential election. And one year later, in 2017, the Republican National Committee suffered a data breach(new window) that exposed the names, addresses, and phone numbers of nearly 200 million Americans.

What you can do

The best solution is to call for increased transparency into how political campaigns collect and use data. Just like the GDPR(new window) allows you to request what data a corporation has on you(new window), you should be able to ask what information a political campaign has on you and where it came from. This would require new regulations. Until that happens, there is little you can do other than attempt to minimize your data footprint(new window). You can take the following actions to limit what information political campaigns can access:

As we have seen through data breaches and hacks in the past, data is power. The electorate has a right to know how their data is being used and to expect data they share to be secured.

Best regards,
The Proton Mail team

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window) or donate(new window). Thank you for your support.

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe
Last week, the UK government made a statement in the House of Lords acknowledging that portions of the controversial Online Safety Bill might not even be technically enforceable without breaking end-to-end encryption. This rightly received a lot of a
What is email spoofing?
Email spoofing is a technique attackers use to make a message appear to be from a legitimate sender — a common trick in phishing and spam emails. Learn how spoofing works, how to identify spoofed messages, and how to protect yourself from spoofing a