Coordinate and protect the European Parliament election

In the run up to the campaign for the European Parliament election, Gong gives some recommendations for the public authority bodies to minimise the threats to the democracy on the internet. They are the result of discussions from the international conference and the expert forum organised by Gong at the beginning of February. They give answers to 4 main risks concerning the election in the digital age.

1st RISK

Insufficient coordination of the public authority bodies regarding the threats to cyber security of the election

RECOMMENDATION to the relevant institutions:

  • To organise a public theme conference on cyber security that would, amongst others, include the National Cyber Security Council, the State Electoral Commission (SEC), Croatian Personal Data Protection Agency (AZOP) and Information Systems and Information Technologies Support Agency.

  • To make a detailed risk assessment and publish recommendations for the 2019 European Parliament election.

  • To make an evaluation of the conduction of the EP election in May during 2019 and, according to the results, make a general Action plan for cyber security in the context of the elections that thoroughly addresses the latest challenges of the digital age.


2nd RISK

Regulation of media and social media regarding the misinformation that would be either insufficient, exaggerated or inappropriate


  • To avoid bad regulation practices that could result in the collapsing of the freedom of the media, it is necessary to include relevant experts in the process of forming the legislative acts for the suppression of misinformation (eg. Croatian Journalists’ Association, Faculty of Political Science, Faculty of Law, experts on the constitution, human rights organisations), i.e. to increase the participatory dialogue in the decision making.

  • Based on the EU Action plan for the suppression of misinformation, start a comprehensive educational campaign on media literacy for citizens before the EP election.

  • Based on the same EU recommendations, give support (including financial support) to independent experts, non-profit media and fact-checkers in uncovering misinformation in the political campaigns.


3rd RISK

Non-transparent financing of ads on social media, including the risk of financing the ads from foreign countries, which is banned by law in Croatia


  • To actively monitor the application of the EU Code of Practice on Disinformation

  • The State Electoral Commission has to proactively approach the communication with Facebook and other social media and digital platforms – contact them and learn the new applicable regulations (Political Activities and Election Campaign Financing Act) in Croatia.

  • The State Electoral Commission has to regularly check the promised Facebook Ad Library, which was announced thanks to the asking of many interested actors of the European civil society, as well as independent tools for advertising transparency, and compare that data with the data from the parties’ financial reports.

  • In the forms for reporting and instructions on financing the election promotion, the State Electoral Commission has to point out that the social media advertising is media advertising and should, as such, be separately presented.

  • The SEC should pilot their application for transparent gathering and publishing of data on financing (income and expenses) of the political activities on the European election and enable the interested parties to use the API function, especially in relation to preliminary reports.


4th RISK

Abuse of the personal data of the voters with the goal of influencing the election results via microtargeting and non-transparent practices of using the personal data of the voters


  • Modelled on the European Commission Recommendations from September 12, 2018 and, for example, the Italian and French regulatory bodies for personal data protection on a national level, the AZOP should issue a set of general recommendations and instructions on the use of personal data of the voters in the context of elections, with the focus on social media advertising and microtargeting practices, that would be aimed towards the public authority bodies, marketing agencies, digital platforms, social media and political parties (or update the existing recommendation for political marketing).

  • With regards to former practices of the abuse of voters’ personal data via microtargeting on social media, the AZOP should pay special attention to monitoring the work of Facebook, Twitter and other platforms, i.e. social media in the context of the European Parliament election, in coordination with other personal data regulatory bodies on the EU level.

  • In the context of the upcoming European Parliament election, the AZOP should argue that it is necessary to expand the jurisdiction of the local (national) regulatory bodies in the cases of abuse of citizens’ personal data on social media in political campaigns. Particularly, the regulatory body in the country where the headquarters of Facebook is (Ireland) does not have the capacity to cover the problems of the abuse of personal data in the national frameworks such as is Croatian. The AZOP can advocate for the expansion of the jurisdiction on the level of a body, such as the European Data Protection Board that gives recommendation on the implementation of the GDPR on the European level, if it has a representative in that body. The current system of the coordination of national regulatory bodies does not give enough freedom to the AZOP to conduct direct control over operations of companies such as Facebook, in case Facebook does not respect the protection of personal data of Croatian citizens and that is why it is important to enable the AZOP to check how the social media abides by the GDPR.

  • The AZOP should organise a round table/education for the political parties’ actors, but also for the decision makers in the context of abuse of the citizens’ personal data for political campaigns and the influence of these practices on democratic processes.

  • The AZOP should conduct public educations on the abuse of personal data in the context of the elections.

Gong is a Centre of Knowledge in the area of Civil Activism and the Building of Democratic Institutions within the framework of Development Cooperation with the National Foundation for Civil Society Development.