Idiot/Savant blogs at No Right Turn:
Back when I was petitioning for the Keep Our Assets referendum, I discouraged people signing it from filling out the email address and phone number boxes because I did not trust the Labour Party (and specifically the Labour Party) not to abuse this information by using it for purposes other than the one it was collected for (“To keep up to date with the campaign”).
I am not glad to have that suspicion confirmed.
To point out the obvious: this is a screaming violation of Privacy Principle 10, and possibly Privacy Principle 11 if you take the collecting agency as Roy Reid, the formal petitioner, rather than the parties who provided the footsoldiers. And it is grossly unethical. Quite apart from that, its also stupid, burning both potential supporters and their activist base (who may not be too keen on having their hard work perverted to violate people’s privacy).
As for what to do about it, firstly people have a right of access to information held about them by agencies – so if you gave the petition campaign your email address, you can always check with Labour to see if it has somehow migrated its way into their fundraising and supporter’s databases. And if the information is used, then I recommend lodging a complaint with the Privacy Commissioner. You should also publicise that complaint over social media (or, if you feel like it, by emailing a press release to Scoop – but social media is probably enough, because people like me will retweet it if we see it, and journalists will pick up an easy story like this). Political parties are (sensibly) afraid of bad publicity, and this is the best stick we have to enforce ethical behaviour on them. Sadly, it looks like we may have to use it.
Legally you will have no recourse as MPs are exempt from the definition of an agency under the Privacy Act, but you can publicly highlight any breaches.