Europe’s lead data regulator has issued its first ever sanction of an EU institution — taking enforcement action against the European parliament over its use of US-based digital campaign company, NationBuilder, to process citizens’ voter data ahead of the spring elections.
Software provider NationBuilder is a veteran of the digital campaign space — indeed, we first covered the company back in 2011— which has become nearly ubiquitous tool for digital campaigns in some markets.
But in recent years European privacy regulators have raised questions over whether all its data processing activities comply with regional data protection rules, responding to growing concern around election integrity and data-fuelled online manipulation of voters.
The European parliament had used NationBuilder as a data processor for a public engagement campaign to promote voting in the spring election, which was run via a website called thistimeimvoting.eu.
The website collected personal data from more than 329,000 people interested in the EU election campaign — data that was processed on behalf of the parliament by NationBuilder.
The European Data Protection Supervisor (EDPS), which started an investigation in February 2019, acting on its own initiative — and “taking into account previous controversy surrounding this company” as its press release puts it — found the parliament had contravened regulations governing how EU institutions can use personal data related to the selection and approval of sub-processors used by NationBuilder.
The sub-processors in question are not named. (We’ve asked for more details.)
“The issue EDPS had was with the Parliament’s lack of awareness of the extent of the processing being carried out by third parties and the lack of prior authorisation, by Parliament as data controller, provided in advance of the processing,” an EDPS spokesman told us.
The EDPS also has an ongoing investigation into whether the Parliament’s use of the voter mobilization website, and related processing operations of personal data, were in accordance with rules applicable to EU institutions (as set out in Regulation (EU) 2018/1725).
The enforcement actions had not been made public until a hearing earlier this week — when assistant data protection supervisor, Wojciech Wiewiórowski, mentioned the matter during a Q&A session in front of MEPs.
He referred to the investigation as “one of the most important cases we did this year”, without naming the data processor. “Parliament was not able to create the real auditing actions at the processor,” he told MEPs. “Neither control the way the contract has been done.”
“Fortunately nothing bad happened with the data but we had to make this contract terminated the data being erased,” he added.
When TechCrunch asked the EDPS for more details about this case on Tuesday a spokesperson told us the matter is “still ongoing” and “being finalized” and that it would communicate about it soon.
Today’s press release looks to be the upshot.
Provided canned commentary in the release Wiewiórowski writes:
The EU parliamentary elections came in the wake of a series of electoral controversies, both within the EU Member States and abroad, which centred on the the threat posed by online manipulation. Strong data protection rules are essential for democracy, especially in the digital age. They help to foster trust in our institutions and the democratic process, through promoting the responsible use of personal data and respect for individual rights. With this in mind, starting in February 2019, the EDPS acted proactively and decisively in the interest of all individuals in the EU to ensure that the European Parliament upholds the highest of standards when collecting and using personal data. It has been encouraging to see a good level of cooperation developing between the EDPS and the European Parliament over the course of this investigation.
One question that arises is why no firmer sanction has been issued to the European parliament — beyond a (now public) reprimand, some nine months after the investigation began.
The EDPS spokesman told us the decision was taken not to impose an administrative fine because the parliament complied with its recommendations.
Another question is why the matter was not more transparently communicated to EU citizens. On that the spokesman said it was because part of the investigation is ongoing.
“The EDPS is still investigating with the European Parliament, and received additional evidence. We are now completing our analysis of that evidence, and we anticipate closing the investigation in the near future,” he added.
The EDPS’ PR says it will “continue to check the parliament’s data protection processes” — revealing that the European Parliament has finished informing individuals of a revised intention to retain personal data collected by the thistimeimvoting website until 2024.
“The outcome of these checks could lead to additional findings,” it also warns, adding that it intends to finalise the investigation by the end of this year.
Asked about the case, a spokeswoman for the European parliament told us that the thistimeimvoting campaign had been intended to motivate EU citizens to participate in the democratic process, and that it used a mix of digital tools and traditional campaigning techniques in order to try to reach as many potential voters as possible.
She said NationBuilder had been used as a customer relations management platform to support staying in touch with potential voters — via an offer to interested citizens to sign up to receive information from the parliament about the elections (including events and general info).
Subscribers were also asked about their interests — which allowed the parliament to send personalized information to people who had signed up.
Some of the regulatory concerns around NationBuilder have centered on how it allows campaigns to match data held in their databases (from people who have signed up) with social media data that’s publicly available, such as an unlocked Twitter account or public Facebook profile.
TechCrunch understands the European parliament was not using this feature.
In 2017 in France, after an intervention by the national data watchdog, NationBuilder suspended the data matching tool in the market.
The same feature has attracted attention from the UK’s Information Commissioner — which warned last year that political parties should be providing a privacy notice to individuals whose data is collected from public sources such as social media and matched. Yet aren’t.
“The ICO is concerned about political parties using this functionality without adequate information being provided to the people affected,” the ICO said in the report, while stopping short of ordering a ban on the use of the matching feature.
Its investigation confirmed that up to 200 political parties or campaign groups used NationBuilder during the 2017 UK general election.
NationBuilder has now sent us a statement in response to the news of the regulator’s action. In it a spokesperson said:
NationBuilder exists to help people participate in the democratic process. Our software is designed to scale authentic, one-to-one relationships. As the European Parliament has explained, they used NationBuilder’s software for customer relationship management to motivate democratic participation among EU citizens in the 2019 European Parliament elections. We are incredibly proud to have helped power that effort.
NationBuilder was founded on the belief that everyone should own their own data and, as such, our software incorporates advanced privacy and consent tools that enable our customers to comply with relevant data protection laws. The sanctity of customer data is core to our company — we do not share or sell our customers’ data, and every NationBuilder customer has a self-contained database.
We agree with the EDPS that strong data protection rules are essential for democracy, especially in the digital age. NationBuilder is — and always has been — committed to the highest standards of privacy and data protection.
The company also disputes that its contract with the EU parliament was terminated — saying it came to a natural end at the conclusion of the spring election.
This report was updated with additional comment
5 Effective Ways to Run Facebook Ads A/B Tests
Facebook Ads A/B Tests or split tests help them try different versions of ads with various campaign elements. This process helps them arrive at the best version for the organization’s target.
A/B Tests offer a vast pool of resources to try out various versions. You may get caught up and lose your way to arriving at the best version in a limited time. To better understand this topic you can read the Facebook ad testing guide. Here are five effective ways to run Facebook Ads A/B Tests-
1) Start with the minimal number of variables
This approach will help you analyze the impact of a variable much better. The lesser the variables, the better will be the relevant results and more conclusive. Once you have various versions, you will need to run them through the A/B Significance Test to determine if the test results are valid.
2) The second way is to select the correct structure.
There are two structures in A/B tests. One is a single ad test, and the other is multiple single variation ad sets. All the variations will go under one ad set in the first structure. Each variation will be under a separate ad set in the second one. Out of the two, the second one works out to be better and gives better results.
3) Use of spreadsheets is important to stay organized.
These spreadsheets help collect and analyze data to get meaningful insights and arrive at data-backed decisions.
4) Do target advertising and set realistic time goals.
One approach is to choose an entirely new set of audiences. Also, the data pool should be vast and not the same as some existing campaigns. The reason for choosing a different audience is that Facebook may mix up your ads and give contaminated output.
Another approach to choosing the right audience is to pick geography. It works better, especially when you have business in a particular region.
It’s also essential to set a realistic timeline for your testing. Facebook suggests one should run a test for at least four days, but you can choose to run the test for up to 30 days.
5) Set an ideal budget.
The concept of a perfect budget is subjective. But, you can fix it yourself, or Facebook can do that for you based on your testing data. A large part of the test budget is spent on avoiding audience duplication. If the same audience sees variations, it could affect the test results.
Besides these top five effective ideas, you will need to take a few more action points to make the testing process efficient. Make sure you put the website’s domain link and not the landing page link in the ad, as that doesn’t look good. Put appropriate Call To Action Button, such as ‘Learn More,’ ‘Buy Now,’ etc. It’s also important to see how your ad is coming across on various electronic gadgets- mobile, tablets, etc.
Another strategy that works is trying to engage the customer. You may add social engagement buttons such as ‘Like’ or ‘Comment.’ Use high-resolution images as they work better with the customers. Low-quality, highly edited images are often not liked and trusted by the consumers.
You can learn more about the audience behavior patterns with A/B test results. Conducting these tests on Facebook streamlines the entire process and makes it smooth for you. With the test results, advertisers and marketers can work on the creatives they need to utilize.
To sum it up, you can run an effective A/B test campaign within the specified budget. You don’t need to spend massive amounts to get your advertisement right. You’ll make the correct assumptions about the performance of variations with a good understanding of business and consumers.
BCN Group strengthens Microsoft Cloud Services presence with Evo-Soft acquisition
Upgrade Your SEO Content Strategy With These 3 Steps [Webinar]
Here’s How Much You Can Really Make From Affiliate Marketing
WhatsApp Launches ‘Call Links’ to Better Facilitate Group Audio and Video Chats
Google Product Review Updates Still Get Periodic Updates
How We Increased a Client’s Leads by 384% in Six Months by Focusing on One Topic Cluster [Case Study]
Google Core & Product Review Updates Finish Rolling Out
Update for Capcom Fighting Collection with More Features Available Now
UK eyes big TikTok fine over child privacy lapse
Why B2B Companies are Entering the Editorial Space [& What You Can Learn From Them]
How to Create UTM Tracking URLs on Google Analytics
Google Is Not Yet Done Rolling Out The Helpful Content Update
How to Target Keywords With Blog Posts
Google On Why Helpful Content Update Seems Quiet
If You Love Escape Rooms, You’ll Love the Elaborate Puzzles of Zero Escape: Zero Time Dilemma
Why & How Machine Learning Took Over Paid Advertising
Google Updates Documentation On Meta Descriptions
The Ultimate SEO Checklist For Boosting Organic Traffic: 6 Highlights
Google Learning Video Structured Data Docs Breaks Out educationalLevel
How to limit your reliance on canonicals and boost crawl efficiency