by When you interact with political campaign websites, you may unknowingly be putting your personal data at risk, according to a recent study conducted by researchers from William & Mary, Google, and IBM. The study, published in the IEEE Symposium on Security and Privacy, examined the privacy practices of 2,060 House, Senate, and presidential campaigns during the 2020 United States election cycle, making it the first large-scale analysis of its kind.
The findings of the study were concerning, revealing that many political campaigns retained extensive private data without specifying how long they would keep it. Privacy disclosures were often incomplete or nonexistent, and the campaigns were likely to share or sell data with other campaigns after the election. This included highly private data such as contact information and browsing habits, allowing campaigns to build user profiles without explicit consent. The use of undisclosed trackers also exposed users to microtargeted political ads, which have been criticized for their manipulative nature and potential impact on democracy.
Co-author Adwait Nadkarni, Associate Professor of Computer Science at William & Mary, emphasized the importance of not providing personal data in the first place to ensure its safety. However, this may not always be possible as over two-thirds of the campaigns examined collected personal information through their websites. Email addresses and phone numbers were the most commonly collected data, with other types ranging from political opinions to social media information and, in some cases, sensitive data such as union status and race.
The study also looked into the sharing of data by campaigns and found that 31% of them shared email information with other political entities. However, over a third of these campaigns did not mention data sharing in their privacy policies. Additionally, 61% of campaigns using fundraising platforms did not have a privacy policy at all. This lack of transparency raises concerns about how user data is handled and protected.
Although the study found that campaign websites were generally secure, researchers discovered that a small number of them included malicious outbound links that were not adequately vetted. Furthermore, 73% of campaigns utilized trackers, but almost two-thirds of them did not have a privacy policy. Among those that did, one in four did not mention the use of trackers.
The implications of this study highlight the need for stronger privacy regulations and transparency practices in political campaigns. Political campaigns, classified as nonprofits, receive less scrutiny in terms of data privacy compared to commercial enterprises. However, they collect valuable data that can have a significant impact on individuals’ privacy and potentially on democracy as a whole.
This research collaboration between William & Mary and IBM Research aligns with the university’s Vision 2026 strategic plan, focusing on data and democracy initiatives. It sheds light on the importance of addressing privacy concerns in the digital age and underscores the need to protect user data from exploitation in the political realm.
*Note:
1. Source: Coherent Market Insights, Public sources, Desk research
2. We have leveraged AI tools to mine information and compile it
