Throughout the campaign for the Labour leadership, various people applying to be registered supporters have had their applications rejected. The list is varied, from the film director Ken Loach and the comedian Mark Steel, through to the human equivalent of genital herpes, Toby Young. Those registering to be supporters must agree that they support the aims and ideals of the Labour Party: Loach and Steel have explicitly and recently advocated voting for other parties, while Young is a high-profile Conservative. I’m not going to lose any sleep, frankly. However, in the past couple of days, a substantial number of less well-known people have received similar missives – some were recently candidates for other parties so Labour’s ban may have some merit. But others are just ordinary people on the left. Some of them are critics of austerity, some may have said that they are voting for the Greens or the Trades Union and Socialist Coalition, or just slagged off the Labour leadership online. I think Tony Blair is a war criminal and have said so often, so I still wonder if my vote yesterday counts. Is that acceptable for Labour High Command in the current climate?
The Data Protection problem for Labour is that when we signed up to be registered supporters, there was no clear fair processing information explaining that we would be vetted or how this would be done. Some form of vetting has clearly happened – I’ve even seen copies of emails and Facebook posts that suggest a full-on witch-hunt for anyone who isn’t an uncritical supporter of the party. I’m not sure whether these are real, but there are a lot of them.
As I have previously written, Labour does not need consent to look at websites and Twitter accounts. Even though the stuff on Twitter is sensitive personal data as it relates to political opinions, Data Protection allows for sensitive data to be used if it has been put into the public domain by the data subject. Furthermore, I agree that Labour has a legitimate interest in preventing full-on Tories from voting. This means that they can rely on the ‘legitimate interest’ justification to use personal data. However, they are required not to cause unwarranted prejudice to the rights and freedoms of data subjects when doing so. This is all part of the first Data Protection principle. I believe that legitimate interest requires the vetting process to be carried out objectively and accurately. Without some form of appeal, I think the rights and freedoms of the data subjects have been prejudiced.
More fundamentally, Labour must also process data fairly. The blurb for registered supporters was thin, so as someone who signed up, I have no idea what process was gone through. Even if you are one of those (wrong) people who thinks that trawling Twitter doesn’t engage Data Protection, receiving and acting on tip-offs and reports isn’t just disturbingly McCarthyite, it would be a breach of the Data Protection Act unless registered supporters were told. There are in fact a host of potential problems (accuracy, relevance, security), but the fairness one is enough because it is insurmountable. We should have been told – we weren’t.
Even if you think such a process would be legitimate, there is no exemption from the Data Protection Act, nothing that allows Labour to do these things secretly. The exemptions in Data Protection cover legal proceedings, criminal investigations, cases referred to regulators – situations where handling personal data secretly can be justified. None of the exemptions applies to the kind of process currently at work in the Labour Party. The foundation stone of Data Protection is fairness and transparency – letting people know how their data is used, so that they can ensure it is used properly. Not for the first time, the Labour Party is acting secretively, and so I have not faith in the vetting process. I suspect it breaches the first Data Protection principle.
Data Protection gives every person a right of subject access, a right to request copies of their personal data held by any organisation. In this case, the data on which the decision was made to ban a person from voting in the leadership election will undoubtedly be personal data. Admittedly, Labour could claim that no data was recorded, but this would reveal that process to be slapdash in the extreme.
Therefore, my advice to anyone rejected by the Labour Party is as follows: make a subject access request. Find out what it was that made Labour reject you, and then publicise that. Expose this process, and dig it over. Labour did not want this to be a transparent process, but they cannot stop you from finding out what happened in your case.
To make a subject access request, you need three things:
- A written request, setting out your name, address and the email address you registered with as a supporter
- Proof of your ID. Send a copy of a passport or driving license and ask them to destroy it when they have validated your request. They can refuse to deal with your request without proof of ID, so don’t give them the opportunity to delay by asking for it
- A cheque for £10. Having already lost the £3 supporter fee, this will be annoying, but I doubt Labour will accept a subject access request without the statutory fee, and they can refuse to process the request without it. If you want to know what happened (or find out that it was a flawed process), you will have to sacrifice the tenner. If they are feeling generous, they won’t cash the cheque. The Information Commissioner cannot order them to waive the fee, so don’t waste your time asking them.
You may well want to send this by recorded or registered post, which ratchets up your costs even more. If you are throwing your hands up in despair at spending another £12, I’m sorry. I didn’t say you would like my advice. Explain clearly and simply that you want all of the personal data held about you as a registered supporter, including any and all information that was used to ban you from voting. You are entitled to a permanent copy of the data. It is unlikely they will tell you the names of those involved in the decision, but the reasons you have been banned must be made available. It doesn’t matter of hundreds of Labour supporters make a subject access request at once – there is no provision to refuse vexatious requests, and the Information Commissioner’s Code of Practice on Subject Access makes clear to organisations that they must be prepared to respond to peaks in demand.
Subject Access is an imperfect tool: organisations sometimes don’t record the information you expect them to. But Labour took their supporters’ money and then denied many of them a vote. Either they have to account for these decisions, or admit that they have not done so fairly. Those calling for the election to be halted to avoid a Corbyn victory should be full-throated in their demands that the banned should either get a proper explanation as required by Data Protection, or the vote should instead be halted until a proper process is undergone.
The address Labour publish to contact their Data Protection Officer is
Compliance Unit, Labour Party, One Brewer’s Green, London, SW1H 0RH
If you go for it, good luck. Drop me a line and let me know how you get on.