How political parties legally harvest your data and use it to bombard you with election spam

On Monday October 26, five days ahead of Queensland’s election, many voters received an unsolicited text message from Clive Palmer’s mining company Mineralogy, accusing Labor of planning to introduce a “death tax” and providing a link to an online how-to-vote card for Palmer’s United Australia Party.

Many recipients angrily wondered how Palmer’s firm had got hold of their contact details, and why they were receiving information that had already been thoroughly debunked.

It’s not clear how many voters received the message, although Deputy Premier Steven Miles accused Palmer of sending it to “hundreds of thousands of Queenslanders”. The message was also sent to many permanent and interstate residents not eligible to vote in the election.

But the issue goes deeper than Palmer’s dubious tactics, although his message was a particularly egregious example. This and similar messages have been sent to voters outside the relevant electorate. For example, one message from an independent candidate for the electorate of Macalister was received by a resident of Stafford.

In fact, there’s no law to prevent registered political parties — and the contractors and volunteers who work on their behalf — collecting your contact details and bombarding you with messages, regardless of whether you consented or not.

The problem of spam text messages was also prevalent during the 2019 federal election, when the tactics of Palmer’s United Australia Party in particular were called into question, prompting the party to pledge to stop the practice.

Read more: From robo calls to spam texts: annoying campaign tricks that are legal

Political candidates, including independents and members of registered political parties, can request access to the Australian Electoral Commission’s database of voters’ contact details, to use in their campaign messaging. And it doesn’t stop there: they can also buy access to voters’ data from “information aggregator” companies such as Sensis, including voters’ names, home addresses, phone numbers and e-mail addresses.

Information aggregators also collect and analyse your publicly available data. Your Twitter, Facebook, LinkedIn, Tiktok or Instagram posts can easily be scraped. If your phone number or email address appears publicly, such as on an advert for a community event or public comment on a town planning submission, it can be collected. Few people realise how large their digital footprint really is.

This can reveal not only your contact details but also your political views. Publicly share a post about environmental concerns or social justice issues and you may have just pigeonholed yourself as a left-leaning voter, potentially putting you in line for targeted campaign messages.

Australia has laws against unsolicited spam, so how do political parties get away with this? Because they are entirely exempt from anti-spam legislation.

How politicians dodge spam laws

Private businesses have to abide by strict federal laws about data privacy and spam. The Privacy Act 1998 and the Spam Act 2003 were enacted to protect the public from unwanted and harmful information sharing.

The Privacy act regulates who may have access to your personal information, how it must be stored and what must happen should that data be compromised. For example, if your data is hacked you must be notified.

As summarised by the Australian Communications and Media Authority (ACMA), Spam is unwanted marketing messages sent via email, text or instant messaging containing offers, advertisements or promotions. Permission to contact you by these means can be part of the terms and conditions of sale or use of a product, through a specific check box or if you make your e-mail or phone number public. Specific exemptions are made in the Spam Act for registered charities, government organisations, educational institutions and registered political parties.

Of course, in an open democracy it makes sense to allow elected officials to communicate directly with the voting public, particularly at election time. But aside from the nuisance and (legal) invasion of privacy, there are two main problems with the current free-for-all.

Problem 1: data security

If a data breach occurs for a non-exempt organisation, such as a bank or government organisation, any person who could be harmed from having information shared must be notified. The types of harm include the potential for identity theft and fraud.

But political parties, being exempt from privacy laws, are also exempt from this responsibility. This means if a political party has a data breach and shares your contact details, it doesn’t have to tell you.

Political parties reportedly maintain detailed databases of their constituents. These databases contain not just personal information held by the electoral commission, but any interactions with elected members, including complaints and contacts with electorate offices.

Problem 2: misinformation

Palmer’s text messages were a blanket salvo rather than tailored to particular voters. Hundreds of voters, and many non-voters, received the same message, despite repeated explicit denials from Labor it’s considering introducing a “death tax”.

In Australia, with an arguably free press and available fact-checking, the public can seek balanced, factual information if they are motivated to do so. But in the internet age, many people are vulnerable to “fake news”, whether through naivete or because of “confirmation bias” — the increased likelihood of believing information that fits with their pre-existing worldview.

What can you do about it?

Until the law changes, there are limited ways to combat political text and email intrusion. The first is judicious use of the block and delete buttons and e-mail spam filters. While not foolproof, this does reduce the potential for receiving messages again from that same number or email. However, this tactic would not have helped avoid a second round of messages sent by Palmer on October 29 from a different number.

The second way to combat these messages is to prevent your data and opinions from reaching political databases. In Australia, there is currently no reliable service to help remove your data from the public view, so the best option is to keep it from getting out in the first place.

To do this, you must always read the terms and conditions before giving away personal data. If you have time, audit your entire public online presence to find all the places on the internet that store your personal data, including on all social media platforms and on personal, professional or community web pages. You must always remain vigilant about protecting your information, which is no simple task.