Privacy Matters Profile picture
Sep 29, 2018 36 tweets 16 min read Twitter logo Read on Twitter
1/ I note the issues around the conservative party conference app .. BUT OMG! I took a peek at the Conservative Campaigner app - "the official mobile app for supporters of The Conservative Party” and OH BOY …
2/ the app was developed by Social Political Media, the same entity behind the anti-abortion apps LoveBoth & MY8 used in the Irish referendum on abortion, .. but Social Political Media also developed the …. Vote Leave app, the Trump-Pence 2016 app, the French Renaissance app
and the same ‘developer’ is behind the NRA’s official app. Oh boy.

Yep, the UK @Conservatives official campaign app is developed by a US based political campaigning app platform UCampaign ucampaignapp.com

OK need to go make Son’s supper - back soon. and Oh boy
@Conservatives 4/ The app. The ‘developer’ is Thomas Peters, the CEO of UCampaign (the Trump, NRA apps) and now RumbleUp a ‘powerful P2P texting’ campaign platform.

Embedded in the Conservative Campaigner ’the the official mobile app for supporters of The Conservative Party’ are four trackers
@Conservatives 5/ The trackers include Facebook Analytics, Facebook Login, Facebook Share, and Google Firebase Analytics - an issue right there.
@Conservatives 6/ The Privacy Policy for the app, leads to this Ucampaign page with a warning that is not private or safe
@Conservatives 7/ proceeding takes you to conservatives.com/privacy

The approach to cookies alone is not compliant with the ePrivacy rules or the GDPR. And look at those trackers …. maybe th @ICOnews should look at this app?
@Conservatives @ICOnews 8/ No mention of the app or any app in the privacy policy. No mention of Campaign - and WHAT data is uCampaign receiving as a result of the use of this app developed by them?

NO Mention of tracking in the privacy policy - either with reference to the site or embedded in app
9/ so what data exactly is being processed by the embedded trackers and for what purposes? What is the legal basis under the GDPR?

Does the uCampaign as the developer of the app have access to that data or otherwise harvest it? Is the data held on uCampaign servers in the US?
10/ have the Conservatives conducted any assessment?

So many questions. So many permissions.

I’m beginning to wonder if @MattHancock advised them on how to develop the app - I mean just look at #HanCocksApp
@MattHancock 12/ Unlike on the Google Play store, after installing the app, individuals are advised the app is ‘powered by uCampaign’ - clicking the link takes you to the uCampaign home page. The Privacy policy is ambiguous in many ways
@MattHancock 13/ You can sign in with Facebook , or phone number or email ..
@MattHancock 14/ The registration email appears to come from Conservative Campaigner but in fact comes from support@ucampaign.co So, data is processed and held by uCampaign in the US. This raises more questions.
15/ I asked uCampaign a question and got a GDPR bot
16/ Even GDPR bots need a rest
17/ I think I’m done .... for now.
18/ serious questions should be asked of the relationship between the Conservatives and uCampaign - of which the latter developed apps on its platform for the Trump-Pence campaign, Vote Leave, the NRA and anti-abortion apps LoveBoth & My8 in the recent Irish abortion referendum
20/ the arrogance and complacency and the it worked for ‘vote leave’ is insightful and deeply troubling

conservativehome.com/parliament/201…
21/ uCampaign is a platform on which ‘campaign apps’ are built and supported. It is a platform that integrates with other platforms such as Facebook, Google Civic API, Twitter, Nation Builder.

So, some of the data protection and privacy issues that arise, include:
22/ where the data are processed (USA by uCampaign?) & the legal basis for such transfers; whether the data are separate from other uCampaign ‘campaigns’ - what have the Conservatives done to assess whether data are siloed? The gamified behavioural nudges within the app and the
23/ and the data that generates and the analysis of such behavioural data (& the legal basis) especially as app permissions include:
- add or modify calendar events and send email to guests without owners' knowledge
- find accounts on the device and
read your contacts
-
24/ and access approximate location (network-based) and precise location (GPS and network-based).

The app lets you “Earn Action Points (AP) for answering Calls to Action
* Unlock activist badges and see your progress over time
* Invite your friends to join you on the app!
25/ so the app appears to generate a lot of data about an individual’s behaviour on and off the app and their connections & provides a unique unfiltered call to action tool ... nudging behaviour of many directly and indirectly.. this involves detailed analysis of data
26/ it’s important the app and the practices underpinning it are subject to robust scrutiny. Any political campaign app needs to adopt the highest of standards.
27/ and do look at this report of the app by @riptari techcrunch.com/2018/07/30/one… and for which I am remiss for not seeing when she published it :( Sorry Natasha - I must stop juggling too many things)
28/ I only looked at the Campaigner app following reports of the ‘other’ app. I was curious to see how it performed from a data protection and privacy perspective. My interest was immediate piqued when I saw the involvement of uCampaign (& my previous look into it’s involvement
29/ in the Irish abortion referendum - & oh my, what a tangled web that was).

techcrunch.com/2018/07/30/one…
30/ ok let's dive in
31/ oh goodness me. Claiming the daily bonus leads to nudges or encouragement to earn more points by sending in invitations & that leads to a request to allow the Campaigner app to access my contacts
32/ I cleared contacts and created one to test. Contacts do not appear to be uploaded. The communications appear more like marketing ploys that rely on refer a friend that seek to bypass law - except here, the Conservatives are the 'instigator' of the unsolicited marketing msg
33/ so there is a question of the Conservatives compliance with law on unsolicited marketing messages and which require consent. What say you @iconews ?
34/ hmmm. Clicking the 'share to twitter' option opens a dialogue window for uCampaign requesting I authorise uCampaign to update my profile and post tweets on my behalf. OMG! No Way.
35/ there is also no privacy notice as to what uCampaign will do with the data is has access to and the insights it will gain.
36/ the app is very clearly geared to encouraging people to promote the Conservatives by giving points or sharing via twitter, email, for successful invitations ... you can't proceed / unlock 'features' without points. Manipulative. A LOT of metadata for mining & analysis
37/ This is a key part of the app. Requiring people to onboard others and promote party messages etc in order to earn points of credits so they can access resources / services within the app. Gamification.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Privacy Matters

Privacy Matters Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @PrivacyMatters

Aug 31, 2018
An NHS app intended to get people from ‘couch to 5k’.

“Analytics and Advertising tracking SDKs. As these features are critical to Our ability to provide users with free, high quality mobile applications it is not possible to opt out from tracking features.” < WTH! No. No. No.
I don’t have time to go through this at the mo .. but I will, given that family has asked me “is it ok from a privacy perspective? .. it is the NHS after all.” <visions of #HanCocksApp
“We are also working closely with third parties (including, for example, business partners, sub-contractors, delivery services, analytics providers, search information providers) and may receive information about you from them” <much to dig into
Read 34 tweets
May 31, 2018
Ohh look @DPCIreland look at the term ‘consent’ in the URL. Now let’s consider consent under the GDPR, I know. In know. It’s not really consent
Ooh. Choice. Not really. Take it or leave it says Facebook
Facebook Terms first. I’m sure the majority of people will be able to immediately comprehend the suite of Facebook Products .. and Business Tools that they are ageeeing to 🤔
Read 8 tweets
Apr 17, 2018
April 13. Bulgarian Presidency updated working dc on the #ePrivacy Regulation. data.consilium.europa.eu/doc/document/S…

"recital 21 now provides an example where making access to a website conditional on the acceptance of cookies is not considered justified"
But much to review and .. hmmmm

"Access to specific website content may still be made conditional on the well-informed acceptance of the storage of a cookie or similar device identifier, if it is used for a legitimate purpose ,,"
“… This will for example not be the case of a cookie which is recreated after the deletion by the end-user."
Read 16 tweets
Mar 6, 2018
So @AskLloydsBank is using legitimate interests under the GDPR to seek consent to contact customers 🤔
It’s one of the most confusing updates I’ve seen. What precisely is LloydsBank relying on for ‘consent’ and what for ‘legitimate interests’ for marketing/direct marketing/product development for example? #GDPR
Many other things are wrong. Its of ‘please contact us’ but no hyperlink with info on how/mechanism to contact.
Read 6 tweets
Feb 1, 2018
Oooh 👀
whoah! OMG. You’d think the Digital Minister and one responsible for data protection package would get privacy right.
1/ Hold me twitter. Here goes. (1) no Privacy Policy on the App landing page which doesn't meet Apples guidelines (2) The app is promoted as the 'Official App for Matt Hancock' but the 'seller' is Disciple Media Ltd (3) Individuals must tick to 'accept' a Privacy Policy and ToS
Read 43 tweets
Sep 8, 2017
🤔 Sorry, the breach of 143m people’s data #equifax does not make today a good day to be a DPO. It’s a day when potentially 143m people will
will be concerned and anxious. They’ll be starting a journey that may last years or their lifetime in seeking to address the impact
of “identity theft” as which can have adverse impacts on multiple dimensions of their lives. It’s not a good day to be a DPO. It’s a bad day
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(