Much has been written lately about how political campaigns are using voter registration data and other voter data in online campaigns. Recent articles this past week in the U.S. News and World Report, Reuters, and earlier this year in the New York Times, have reported how enhanced data models are enabling campaigns to better target ads and communications to potential donors and interested voters.
As those in the online advertising ecosystem know, ad exchanges and data management platforms provide new ways to anonymize, pseudonymize, and de-identify sensitive voter data not possible in more traditional outreach models. Nonetheless, given the expanded interest of late in using voter data online, now is an ideal time to review the privacy and usage laws that apply to that data.
About two thirds of U.S. states restrict the use of voter registration data to political purposes, usually limited to use by political campaigns, parties and office-holders. Some states, such as Alabama, also permit use by “nonprofit organizations which promote voter participation and registration” while others, like California (a referendum-heavy state) permit use in connection with referenda and voter surveys (not limited to office-holders or campaigns). In a significant number of states that restrict voter registration data, using the data for “commercial” or “non-electoral” purposes is a criminal violation, usually a misdemeanor. In a minority of states, on the other hand, the use of voter registration data is unrestricted.
These voter privacy laws have generally not been aggressively enforced, though there have been exceptions. In the 1990’s, data company Equifax faced a lawsuit and public scrutiny alleging it had sold voter lists for commercial purposes, and in 1995 direct marketing firm Metromail paid $2.7 million to settle a lawsuit alleging it had used data taken from voter rolls. After a period of relative dormancy, there appears to be renewed media and public attention on how voter data is being used and protected.
Thus, as voter data is brought online — even in de-identified forms — it is important for data companies, ad platforms, and data management platforms, to understand and comply with these laws. Because each of these parties may handle the data, at various stages — and each may interact with the ultimate customer — how compliance is tasked and implemented may vary by relationship or even by transaction.
Data and licensing agreements therefore should clearly set forth who has these burdens of due diligence and compliance, and should contain warranties and representations that speak to the voter privacy laws. Likewise, if voter data is being used for commercial purposes, it is crucial to survey the relevant laws and extract all prohibited data.
