Can a community alert group hold files?

the O Reilly connection

Hi

I was wondering if a community alert group is entitled to hold files on members of the community and if so, how far can they go before they start breaking the law?

Thanks

Victor

Having someone's contact details for social and personal reasons generally isn't a problem.

However, what you suggest goes far beyond this and could very quickly become problematic. Previously, there issues like willy-nilly access to things like CCTV. The group should have written policies in place. There should be specific reasons to keep information.

It is possible that the Data Protection Commission www.dataprotection.ie has specific advice for such groups.

Peregrinus

What's in the files, and for what purpose are they kept?

Larbre34

There isn't enough information in the OP.

But in general, community organisations are subject to GDPR, just like everybody else.

And so the GDPR rules are where you should check. But generally speaking, the data held should be for a lawful reason, should be by consent, under a contract or for a subject of legitimate interest.

There is an obligation also to minimise that data to the bare minimum necessary to perform the function, ie, it is not legitimate to keep superfluous data that may have been communicated or ascertained.

By the way, you should be clear about what data is. "Keeping files" that include opinions or accounts of matters or people, is not data. Data is, inter alia...

• Contact information: Name, address, phone number, email address.
• Identification numbers: ID card number, passport number, PPS number.
• Location data: GPS coordinates, location history.
• Online identifiers: IP address, cookie ID, online account details.
• Biometric data: Fingerprints, facial recognition data.
• Financial information: Bank account details, tax information.
• Medical information: Medical records, test results.
• Employment information: Salary details, performance reviews.
• Other unique identifiers: Vehicle registration number, customer number. 

batistuta9

https://www.boards.ie/discussion/comment/123664631#Comment_123664631

OP reads like the local neighbourhood watch think they're the stasi

the O Reilly connection

https://www.boards.ie/discussion/comment/123664631#Comment_123664631

For example, a certain ethnic group has moved into a residential area. They keep to themselves and there numbers are growing. Crime in the area starts to sky rocket – drugs, break ins and robberies. The local community alert starts to monitor the movements of the ethnic group. This includes keeping a record of their movements, their car registration numbers, who they meet and where they work. They share them with other members.

Do you think this is lawful?

Peregrinus

Almost certainly not. If the "community alert group" is in any doubt they can ask the Data Protection Commission for guidance on what they can and cannot do, and on what protocols and safeguards they need to adopt in order to keep their activities onside.

witchgirl26

https://www.boards.ie/discussion/comment/123665085#Comment_123665085

Yeah that would strike me as being on shaky ground for being lawful. Without any evidence for them being involved in the increase in crime (correlation does not equal causation), you're essentially stalking them by tracking their movements, who they meet and where they work.

Oscar_Madison

There was an unusual response from An Garda Siochana recently where a cyclist sent on a number of videos of I think bad driving or vehicle traffic offences / - you can read about it in the link below.

Essentially “data” should only be collected and stored for certain clear purposes - the key accusation in article below is that Gardai are claiming that the cyclist is acting as a data controller but has no authority to do so.

While that’s an argument for another thread, it’s clear that collecting data on a person, as defined by the Data Protection Act, comes with responsibilities and protections and clear guidance around what is acceptable. It sounds like this “group” are potentially outside of what is permissible- whether they get caught or found out, and if it has legal implications for them, is another matter

https://extra.ie/2025/07/20/news/irish-news/cyclist-accused-biased-agenda

Fr Tod Umptious

https://www.boards.ie/discussion/comment/123665159#Comment_123665159

who they meet and where they work.

Reading between the lines of the OPs post about what they are doing, I don't believe the bolded text is applicable.

10-10-20

As others are pointing out GDPR comes into the context when there's an organisation involved, but individuals can maintain observational notes for their own safety or personal use, but not if it's with the intent of sharing it with groups for compilation, ie surveillance. Those personal notes could be used as contemporaneous notes when later reporting an incident to the Gardai.

Presumably incident-based use of the notes, such as responding on a group chat to say that "red car with reg 131-D-xxx was seen hitting a lamppost and driving off" isn't an unacceptable use of personal information as it's using a public identifier within a public space to report a violation of societal norms to a community. But the rest of what was described is very concerning on so many levels.

Jim2007

https://www.boards.ie/discussion/2058420242/can-a-community-alert-group-hold-files

A community group is not a legal entity and each member is personally responsible for their actions. So you are subject to both GDPR rules for collecting such data and for sharing such data between your members. And since you are not an organisations such as the Garda or the Defence forces you have no business collecting intelligence information and could find yourself subject to prosecution.

Claw Hammer

https://www.boards.ie/discussion/comment/123665324#Comment_123665324

Car geg numbers are regarded as personal data since an individual can be identified from them. The most that could be put on a whats app is person in a red car acting suspiciously. A person can kep a private note of a reg no, but should not be sharing it. there are cyclists making a career out of going into garda stations with camera footage thinking they are going to have drivers prosecuted. It is likely annoying some guards having to deal with them

See this discussion for example. A lot of do-gooders on there.

https://www.boards.ie/discussion/2058397290/prepared-statements-the-gardai/p1

witchgirl26

https://www.boards.ie/discussion/comment/123665220#Comment_123665220

The OP was the one who mentioned that themselves. So obviously these people do work.

10-10-20

https://www.boards.ie/discussion/comment/123665546#Comment_123665546

So you're saying that if I'm part of a resident's WhatsApp group that I cannot utilise the most unique descriptive and publicly available identifier of a vehicle if I'm describing a potential safety concern?

magicbastarder

https://www.boards.ie/discussion/comment/123665201#Comment_123665201

i don't think this is relevant; partly because it's one garda who sent this communication out who probably misunderstands the law; and the laws on GDPR are clear that it's not just what data is collected, but why.

if there was a general issue with dashcams and GDPR, we'd all know by now - they'd have been ruled out as evidence across the EU as a result.

but this stated case is explicitly collecting information on the movements of specific people in the community. that's a very different use case, it's targetted, and with a clear presumption of guilt of criminal offences.

Claw Hammer

https://www.boards.ie/discussion/comment/123665906#Comment_123665906

Yes. See this case.

Vehicle Registrations are personal data. You cannot share them with your neighbours.

https://www.techlaw.ie/2014/12/articles/cyber-risk-data-privacy/cjeu-restricts-use-of-cctv-surveillance-for-domestic-purposes/

10-10-20

https://www.boards.ie/discussion/comment/123666321#Comment_123666321

Ah, that's different though. That CJEU ruling was specifically about household CCTV and it's use in the public area surrounding a residence. Well aware of that hence why I mentioned contemporaneous notes as these would imply that the observation was made and notes taken at the time of the event.

Claw Hammer

https://www.boards.ie/discussion/comment/123666480#Comment_123666480

The CJEU ruling also said the "personal use" exemption had to be construed restrictively. The Irish DPC has already said that car reg numbers are personal data. Sharing them with neighbours is not personal use.

Woodcutting

https://www.boards.ie/discussion/comment/123665201#Comment_123665201

There was a complaint to GSOC -see GSOCReport 2023- by a cyclist doing similar who filmed himself going through a red light and was told he would be fined . I can't recall if he was or the outcome