Commentary

CA, Vote Leave And AIQ Will Get Bashed By MPs, But Little Else

It might at first appear to be big news that Cambridge Analytica's boss, Alexander Nix and Dominic Cummings, the campaign director for Vote Leave, are being summoned to appear before the Digital, Culture, Media and Sport parliamentary committee.

Both had previously claimed that he could not attend while the ICO was looking into CA and the Electoral Commission was investigating political advertising during the Brexit referendum. However, both bodies have given the green light and now there is no excuse to turn up, probably at the start of next month. 

For me, however, the big interview I'm looking out for is the AIQ boss, Jeff Silvester, appearing next week. This has to be where the juicy questions lie, even if the answers aren't to the satisfaction of the MPs asking them. The suspicion that politicians want to air is that AIQ did for Brexit what CA claimed to have done for Trump. There seems to have been some working together at some level between the two companies, but since AIQ is Canadian and outside EU jurisdiction, it is hard to be sure. 

The accusation will be that AIQ used Facebook data -- whose legitimacy may be under question -- to target voters with advertising paid for by Vote Leave, the official organisation calling for a 'Leave' vote in the referendum. It is not secret that the two worked together, and Facebook estimates AIQ spend GBP1.5m on advertising on its platform during the campaign.

The problem is, what law did AIQ break? If the data about likely voting intention that was gathered from an app, is this illegal under the Data Protection Act? I'm not so sure it is. There are some grey areas within the law but it is not until May 25th when GDPR is activated that political views becomes a sensitive form of personal data that can only be processed with the explicit consent of each individual involved. 

The main question for me was where was this data processed. AIQ has been accused by the ICO of not fully assisting its investigation, claiming that it is Canadian and thus lies outside the UK data protection watchdog's reach. It may have a point. However, if British personal information was sent abroad, outside the EU, then I would say there may be a case for challenging the transfer of the data. It will come down to interpretation regarding whether it was needed and whether there were safeguards where it went. That really is one for the ICO to work out.

However, if the data was gathered in the EU and processed in the EU, I'm struggling for the part that breaks the Data Protection Act -- GDPR would definitely have been broken, but it's not the law until the end of the month and can't be retrospectively applied. One could possibly argue that it would cause distress to people to know their data was being used by Brexiters, but it may be a bit of a stretch.

As for CA, its boss Nix is now famous for making bold claims, but the Electoral Commission today revealed that it is satisfied it did not work with the Leave.EU group, beyond preliminary meetings, despite what the company claims. There will doubtless be a discussion about whether British personal data was compromised in its efforts to apply data from a personality test to voting patterns. Again, it is what Zuckerberg would call a breach of trust. A breach of the Data Protection Act? I'm not so sure. 

My prediction? If all three -- from CA, AIQ and Vote Leave -- make an appearance, they will be beaten by a barrage of questions. It will be a very uncomfortable experience, and some going back on previous statements might well ensue.

Will any of this lead to any charges for breaching privacy rules? I very much doubt it. Will it require a re-run of the referendum? Not a chance. 

Next story loading loading..