For the European elections on 9 June 2024, the CNIL is reactivating its “election observatory”. Its remit is to monitor political communication practices, engage in dialogue with parties and candidates and inform voters of their rights.
The context
Political communication and canvassing rely on the increasing use of personal data, and are no exception to the accelerating digitisation of our society. New online practices have been developing for several years, particularly through social networks.
Compliance with data protection rules has become a central issue in the electoral process and, more generally, in democratic life. More and more people are contacting the CNIL about the bad practices they observe, and are not hesitating to denounce them publicly.
To address these issues and ensure that political parties and candidates take account of data protection legislation in their practices, the CNIL set up an election observatory in 2012. In particular, it monitors requests made to the CNIL during election campaigns, such as requests for advice from candidates or reports of bad practices.
Priorities for the 2024 European elections
For the 2019 European elections, the CNIL received a total of 697 reports, with a peak in the last few days of the election campaign.
These elections highlighted the increasingly frequent use of new methods of electoral canvassing, for which the vast majority of reports concerned telephone calls and SMS messages (93%), with the remainder relating to e-mails (6%) and letters (1%).
This year, the CNIL’s action plan will therefore focus on compliance of telephone canvassing practices with data protection legislation, the re-use of files for electoral propaganda purposes, information for data subjects and the security of data collected by companies offering innovative voter targeting services for candidates.
The CNIL will also pay particular attention to the impact of artificial intelligence on political communication strategies and to the forthcoming European regulation on transparency and targeting in political advertising.
The main tasks of the Elections Observatory
The main purpose of the various actions carried out by the CNIL during the election period is to ensure that individuals are better able to exercise their rights and that the principles of the RGPD are effectively implemented in political communication operations.
In practice, the CNIL works with data controllers (political parties and candidates) and data subjects (voters).
Actions taken with political players and their service providers
First of all, the CNIL sent a series of letters to political parties and the heads of lists that had officially declared themselves in order to make them aware of the data protection issues and the best practices to be followed. Similar letters have been sent to companies offering electoral strategy software.
It complements this support approach by providing tools and practical advice on how to comply with data protection regulations.
A reporting platform for voters
In addition to its role in supporting candidates and parties, the CNIL provides voters with :
- a practical information sheet outlining their rights during the elections ;
- a form to enable them to report to the CNIL any practices they consider to be in breach of the RGPD.
Throughout the campaign, the CNIL examines the reports and complaints it receives in connection with political communication operations. This information should enable it to react quickly to practices that might reveal a lack of compliance with data protection regulations and, if necessary, to carry out checks.
On the basis of its investigations, in the event of a proven breach, the CNIL is likely to adopt corrective measures (formal notices or sanctions).
After the European elections, the CNIL will draw up an assessment of the actions it has taken and the practices observed.
https://www.cnil.fr/fr/elections-europeennes-2024-le-plan-daction-de-la-cnil-pour-proteger-les-donnees-des-electeurs