A lot of people who I know – regardless of politics – admit having a soft spot for Boris Johnson. When playing the left-leaning parlour game of “Name A Senior Tory You Wouldn’t Slap”, Boris seems to win out quite a lot (I’m virtually the only person I know who likes Eric Pickles). I’m a member of the Mercutio* party anyway, but Johnson never gets my vote. I don’t know if it’s the self-conscious hair, his exceptionally grating silly ass persona, or simply the fact that despite being a calculating and ideological politician, he has convinced so many that he is some sort of cuddly figure of fun – whatever it is, I can’t stand him.
However, I enter the ‘Twittersnatch’ debate not merely to have a pop at the current Mayor of London. After all one of the problems with the current mayoral battle is that, for my money, it resurrects the gag from the 1960 US Presidential election (‘be thankful only one of them can win’). In my view, the appropriation of the Mayor’s following and the ‘so what’ reaction of Johnson’s people demonstrate that politicians still don’t understand social media or data protection.
The story goes like this: Boris Johnson’s Twitter account was @MayorOfLondon. In order to campaign for re-election, he changed his Twitter name to @BorisJohnson, taking all of his followers with him: http://www.bbc.co.uk/news/uk-politics-17450985. Following a flurry of criticism, a new account was born (@BackBoris2012), and only those who followed that new account will receive the campaigning tweets. If at this point, you’ve lost interest, I don’t blame you. This is not a titantic struggle of ideals, but a playground squabble.
However, what is the Data Protection angle in this spat? Guido Fawkes pointed out (somewhere that I can’t bloody find and will correct when I do!) that Johnson apparently brought many of his followers with him when the @MayorofLondon account was created, so surely, they should have expected whatever promotional guff spews from the excited fingers of whichever Damian or Jemima is operating the account on any given day?
I’m starting from the presumption that a twitter name is personal data. It’s unique, it applies (mostly) a living individual and in most cases, the living individual can readily be identified from the profile page. Many of the @MayorOfLondon followers will be clearly identified as real people merely by knowing their twitter name. I’m told that the @MayorOfLondon account was used as a GLA tool to promote the ceremonial or London-plugging elements of Johnson’s role, so anyone who followed it would have a reasonable expectation that their data (the twitter name) would be processed solely for that purpose. Even if this was a promotional purposes, it is obviously different from the aim of getting Johnson re-elected. The Data Controller of that twitter account – if used to promote the Mayoralty and not Johnson the Conservative politician – was the Greater London Authority. The Data Controller of the Boris Johnson account – if used to get him re-elected – would either be Johnson, the Tory Party or some campaigning hybrid of the two.
Twitter, like most social networks, is a strange world that doesn’t easily fit into the neat definitions of Data Controller or Data Processor – Twitter can’t be the latter because it just sold two years of tweets to Datasift, a company with a name so explicitly Orwellian I have to assume it’s an elaborate corporate joke. Nevertheless, within the overall portal / umbrella, a corporate outfit / campaigning politician asking for personal data in order to send out messages is a data controller to the extent that they decide what happens to their following. They should not act in a high-handed manner, and cannot ignore UK law. Followers cannot fairly be shunted over into a channel devoted to a political purpose without some explicit opt-out (at best). The first Data Protection principle demands that the use of personal data is fair, and it isn’t fair to completely change the purposes for which you process a Twitter follower’s name.
For that reason, I think it’s at least arguable that the data of any identifiable Twitter user was used unfairly, assuming they were individuals as opposed to corporate users like @angrybirds or imaginary ones like @pobgovebot, and especially if they signed up during the @MayorOfLondon phase, rather than being moved over from a previous Johnson account. I can’t imagine that the Information Commissioner’s Office will weigh in heavily now, nor is there much point in them suddenly finding their ass-kicking gear. But if this is the last idiotic wheeze that comes out of either side of the Livingstone / Johnson smackdown, I will be very surprised.
The problem is, in my experience, people involved in politics tend not to know much about data protection, and even less about direct marketing. It’s worth noting that Labour, the Liberal Democrats, the Conservatives and the Scottish Nationalist all have enforcement notices against them from the Information Commissioner’s Officer under the Privacy and Electronic Communications Regulations, forcing them not to make automated telephone calls unless they have explicit consent: see here. A breach of any of these notices would result in prosecution. This despite the fact that everyone I have ever met hates automated calls, even if they feature the voice of Liz Dawn or Sir Sean Connery. Rather than (in Helen Lewis’ apposite tweeted phrase) clutching their pearls in shock, the people responsible for the Twittersnatch should have admitted that it was a clumsy and unreasonable thing to do. And it’s only because they backed down that they didn’t get deeper into the DPA mire.
* Read ‘Romeo and Juliet’ if you didn’t get that reference, or better yet, find a production of the play and see it. This will be the most constructive thing you’ll ever do as a result of reading this blog.