Voter Privacy in the Age of Big Data

Abstract

In the past several election cycles, presidential campaigns and other well-funded races for major political offices have become data-driven operations. Presidential campaign organizations and the two main parties (and their data consultants) assemble and maintain extraordinarily detailed political dossiers on every American voter. These databases contain hundreds of millions of individual records, each of which has hundreds to thousands of data points. Because this data is computerized, candidates benefit from cheap and nearly unlimited storage, very fast processing, and the ability to engage in data mining of interesting voter patterns. The hallmark of data-driven political campaigns is voter microtargeting, which political actors rely on to achieve better results in registering, mobilizing and persuading voters and getting out the vote on or before Election Day. Voter microtargeting is the targeting of voters in a highly individualized manner based on statistical correlations between their observable patterns of offline and online behavior and the likelihood of their supporting a candidate and casting a ballot for him or her. In other words, modern political campaigns rely on the analysis of large data sets in search of useful and unanticipated insights, an activity that is often summed up with the phrase “big data.” Despite the importance of big data in U.S. elections, the privacy implications of data-driven campaigning have not been thoroughly explored much less regulated. Indeed, political dossiers may be the largest unregulated assemblage of personal data in contemporary American life. This Article seeks to remedy this oversight. It proceeds in three parts. Part I offers the first comprehensive analysis of the main sources of voter data and the absence of legal protection for this data and related data processing activities. Part II considers the privacy interests of individuals in both their consumer and Internet-based activities and their participation in the political process, organizing the analysis under the broad rubrics of information privacy and political privacy. That is, it asks two interrelated questions: first, whether the relentless profiling and microtargeting of American voters invades their privacy (and if so what harm it causes) and, second, to what extent do these activities undermine the integrity of the election system. It also examines three reasons why political actors minimize privacy concerns: a penchant for secrecy that clashes with the core precept of transparent data practices; a tendency to rationalize away the problem by treating all voter data as if it were voluntarily provided or safely de-identified (and hence outside the scope of privacy law) while (falsely) claiming to follow the highest commercial privacy standards; and, a mistaken embrace of commercial tracking and monitoring techniques as if their use has no impact on the democratic process. Part III presents a moderate proposal for addressing the harms identified in Part II consisting in (1) a mandatory disclosure and disclaimer regime requiring political actors to be more transparent about their campaign data practices; and (2) new federal privacy restrictions on commercial data brokers and a complementary “Do Not Track” mechanism enabling individuals (who also happen to be voters) to decide whether and to what extent commercial firms may track or target their online activity. The article concludes by asking whether even this moderate proposal runs afoul of political speech rights guaranteed by the First Amendment. It makes two arguments. First, the Supreme Court is likely to uphold mandatory privacy disclosures and disclaimers based on doctrines developed and re-affirmed in the leading campaign finance cases, which embrace transparency over other forms of regulation. Second, the Court will continue viewing commercial privacy regulations as constitutional under longstanding First Amendment doctrines, despite any incidental burdens they may impose on political actors, and notwithstanding its recent decision in Sorrell v. IMS Health, which is readily distinguishable.