ABSTRACT
This chapter examines the regulation of the processing of personal data for the purpose of electoral activities in the EU in the light of revelations concerning the use of personal data obtained from a variety of sources, including social media sites, data brokers and publicly available information sources, to build profiles of personality and voting behaviour, and the use of the resultant profiles to micro-target individual voters with a view to manipulating them. The capacity of the protections provided for in the GDPR to address these issues is evaluated, with particular attention being paid to the rules concerning the lawful processing of personal data, the transparency provisions, the right to object to processing of data, and the restrictions on automated decision making and profiling. The chapter concludes that while the GDPR imposes limitations on the processing of personal data for the purpose of electoral activities, there are significant gaps in the protection afforded to the processing of personal data in this context. It further notes that the GDPR allows for significant variation in the application by Member States of the provisions relevant to the processing of personal data for electoral purposes which can impede the harmonisation of the data protection laws of the Member States, one of the primary goals of the GDPR.
