The Labour party is investigating whether any data rules have been broken in its leadership contest after it emerged that party members’ phone numbers were potentially accessible to the Rebecca Long-Bailey campaign and Momentum this weekend.
Officials acted after HuffPost UK discovered that Long-Bailey’s campaign had shared with its volunteers links to Labour’s official phone-banking system, a move that allowed them to, in theory, contact and lobby any of the party’s more than half a million members.
But the party - which appears to have now suspended its phone bank website - was also likely to face criticism itself for failing to adequately protect the data of its rank and file members across the country.
Access to members data - crucial to any campaign in garnering support in the leadership and deputy leader elections - is tightly restricted until after February 14, under rules approved by Labour’s ruling National Executive Committee (NEC) earlier this month.
However, both the Long-Bailey campaign and Momentum worked in tandem this weekend to share with volunteers links to Labour’s own ‘Dialogue’ phone bank system that accesses members in constituencies across the UK.
The shadow business secretary is vying with rivals Keir Starmer, Lisa Nandy and Emily Thornberry in the race to succeed Jeremy Corbyn, with the winner announced on April 4.
The Long-Bailey campaign and Momentum used a renewed version of Momentum’s ‘MyCampaign.com’ app that included WhatsApp and Facebook groups with links to spreadsheets used to mobilise activists in marginal seats in the last election.
The Long-Bailey campaign insisted that there were “no plans” to use the Dialogue system. Sources suggested the anomaly had arisen because old WhatsApp and Facebook groups used during the last election had been included in the new campaign tool.
Campaign sources added that it had not authorised any use of Dialogue, which appeared to be open to any other campaign too, and that the party itself had a duty to provide better safeguards for members’ data.
After being contacted by HuffPost, the Long-Bailey campaign “has now unpublished the WhatsApp and Facebook groups from the MyCampaignMap site”, a spokesman said.
Labour HQ stressed that because all individuals who try to access its phonebank system are logged and recorded, it could identify any possible misuse.
An early review of recent activity had suggested no misuse but it was now taking steps to safeguard the system, it said. The party added it was still investigating to see if any data breaches had occurred.
The issue first arose on Saturday when Momentum and the Long-Bailey campaign sent emails to their members alerting them to the return of the highly popular ‘MyCampaign.com’ app, which was last used in the 2019 election to mobilise party activists.
The email said: “Yesterday we launched Ring for Rebecca - a huge, people-powered plan to phonebank thousands of Momentum and Labour members to talk about how Rebecca is the Labour leadership candidate to win back power.”
Until February 14, when the final candidates on the leadership ballots will be confirmed as having met thresholds of local party and union backing, Labour members’s data cannot be shared with any campaign.
The Long-Bailey campaign is allowed to phonebank its own members and those of Momentum to rally support, but is forbidden from giving any access to the wider Labour membership.
When Momentum and Long-Bailey volunteers they entered a postcode on the ‘MyCampaign.com’ app or website, they were directed to various events including phone banks which allowed them to ‘join’ Whatsapp groups at the click of a button.
The ‘RLB’ WhatsApp group was seen in several groups, including the ‘East London Climate Phone Bank’, ‘South London Climate Phone Bank’ and ‘Activists in Edinburgh’.
Several of the WhatsApp groups featured Google spreadsheets that contained lists of marginal target seats in the last election, with their local constituency Labour parties’ (CLP) details and links to Dialogue’s system for each.
After entering a member login and password, and ticking a ‘data protection and campaign rules’ box, activists then had full access through a ‘dashboard’ to call members and volunteers.
After clicking on ‘all members’, they had access to all members phone numbers in that CLP.
HuffPost has been told of at least one member who managed to call individual party members through their own phone - but routed through Labour’s own phone bank system. The cost of the call is paid by the party itself.
A spokesman for the Long-Bailey campaign said: “Old WhatsApp and Facebook groups used during the general election were still visible on the MyCampaignMap site, and one of these groups contained a spreadsheet that had links in it to Dialogue, as activists were encouraged to use Dialogue when phone banking for the Labour Party.
“The Rebecca For Leader campaign’s own phone banking operation is aimed at people already in Momentum’s database, and the campaign will not call Labour members that are not in Momentum’s database until the party releases the data.
“There are no plans for the Rebecca For Leader campaign to use Dialogue, and if that platform is still accessible to members then it is the responsibility of the Labour Party to restrict access to it in line with its own rules and procedures. In any case, the Rebecca For Leader campaign has now unpublished the WhatsApp and Facebook groups from the MyCampaignMap site.”
But critics pointed out that even though the Whatsapp groups for activists were indeed ‘old’ and had been originally set up by Momentum for the general election, the presence on each of the ‘RLB’ campaign Whatsapp group suggested it was intending to use the links to members’ data at some point.
The party appeared to suspend its Dialogue site after being contacted by HuffPost.
A party spokesperson said: “All calls made through this system are logged against the individuals making them. An initial review of recent activity suggests there has been no misuse of our systems in this manner.
“We have taken precautionary steps to ensure no such activity could take place in the future.
“Any potential breach of the Party’s data protection processes is investigated and we will continue to look into whether any misuse of data or resources has occurred.”
No party member can access the full Dialogue system without first ticking an agreement to follow data protection and other rules.
But some party insiders believe that agreement offers insufficient safeguards for members’ data outside general election campaigns.