Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

GDPR and Irish politics.

  • 23-04-2021 12:34pm
    #1
    Registered Users Posts: 66,303 ✭✭✭✭


    Deserves a thread if it's own with all parties having issues with compliance.

    What are the implications of proper compliance to GDPR for Irish politics?

    My opinion (not expert by any stretch) is that it is too restrictive in the modern age. I get that the data has to be available to people who want to know what is held on them But what are the implications of misuse of this data? Can anyone lay them out in a real world way?

    Another question would be, what has the DPC being doing if this has been going on? Is he/she remiss in not checking this?


«13456713

Comments

  • Registered Users Posts: 3,358 ✭✭✭francois


    Deserves a thread if it's own with all parties having issues with compliance.

    What are the implications of proper compliance to GDPR for Irish politics?

    My opinion (not expert by any stretch) is that it is too restrictive in the modern age. I get that the data has to be available to people who want to know what is held on them But what are the implications of misuse of this data? Can anyone lay them out in a real world way?

    Another question would be, what has the DPC being doing if this has been going on? Is he/she remiss in not checking this?

    GDPR is fine and needed. In fact Id like it to properly policed and more power given to the DPC. Look how the latest Facebook leak of half a billion names was treated by a shrug of Zuckerberg's shoulders.... presume the context for this is the SF db?


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    francois wrote: »
    GDPR is fine and needed. In fact Id like it to properly policed and more power given to the DPC. Look how the latest Facebook leak of half a billion names was treated by a shrug of Zuckerberg's shoulders.... presume the context for this is the SF db?

    In what way 'more powers'? He/she surely had the power to ensure parties were fully compliant.

    *Yes, this is in the context of what came out about SF's database, but as we know now, all parties are under scrutiny and have issues. They are all coming into committee to answer questions.


  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    GDPR was needed but it is most definitely not fine, its a byzantine mess that's added significant cost and significant complexity to European businesses and them less competitive. You can tell it was designed by people who love creating rules, EU bureaucrats and legal professionals

    It should have introduced a simple ruleset and built on it rather than the current mess.


  • Registered Users Posts: 3,358 ✭✭✭francois


    Bambi wrote: »
    GDPR was needed but it is most definitely not fine, its a byzantine mess that's added significant cost and significant complexity to European businesses and them less competitive. You can tell it was designed by people who love creating rules, EU bureaucrats and legal professionals

    It should have introduced a simple ruleset and built on it rather than the current mess.

    There's 7 principles to adhere to, not particularly difficult to apply, and I say this as someone involved with these in my job


  • Registered Users Posts: 27,034 ✭✭✭✭blanch152


    GDPR can be viewed as similar to road traffic offences. If you have been driving for 40 years, you are bound to have exceeded a speed limit here or there, not given enough space to cyclists, braked too sharply etc. Most of these happen as a result of carelessness or oversight. Similarly, with GDPR, if you are handling large amounts of data, you will on occasion not be in compliance in a similar way.

    At the same time, there are offences linked to road traffic which are of a serious nature - dangerous driving, driving under the influence, dangerous driving causing injury or death. Similarly, with GDPR, there are offences which are much more serious than others, such as centralised databases with the electoral register used to profile voters.

    Minor inadvertent or careless breaches of GDPR shouldn't be used as a distraction from significant and serious breaches.


  • Advertisement
  • Registered Users Posts: 27,986 ✭✭✭✭AndrewJRenko


    blanch152 wrote: »
    Similarly, with GDPR, there are offences which are much more serious than others, such as centralised databases with the electoral register used to profile voters.

    .

    How exactly did you work out that holding a centralised database with the electoral register used to profile voters is a GDPR offence?


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    How exactly did you work out that holding a centralised database with the electoral register used to profile voters is a GDPR offence?
    Profiling requires consent.


    Taking the electoral register and blindly knocking on doors is not profiling.


    Taking the electoral register, then adding additional information from other sources to it in order to build a better picture of each individual voter to better target them with a view to securing their vote for you is profiling.


  • Registered Users Posts: 27,986 ✭✭✭✭AndrewJRenko


    KildareP wrote: »
    Profiling requires consent.


    Taking the electoral register and blindly knocking on doors is not profiling.


    Taking the electoral register, then adding additional information from other sources to it in order to build a better picture of each individual voter to better target them with a view to securing their vote for you is profiling.

    So did they get consent?


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    So did they get consent?
    This is what the Irish DPC and UK ICO are currently investigating.


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    KildareP wrote: »
    Profiling requires consent.


    Taking the electoral register and blindly knocking on doors is not profiling.


    Taking the electoral register, then adding additional information from other sources to it in order to build a better picture of each individual voter to better target them with a view to securing their vote for you is profiling.

    I'm wondering if that is too restrictive? If used properly what is the harm in gathering this kind of data?
    The worst that can happen is the data is wrong and the profiled votes another way?


  • Advertisement
  • Registered Users Posts: 1,410 ✭✭✭KildareP


    I'm wondering if that is too restrictive? If used properly what is the harm in gathering this kind of data?
    The worst that can happen is the data is wrong and the profiled votes another way?
    That question is in many ways subjective.


    If I were to ask you what you thought of Cambridge Analytica and their involvement in Donald Trump's election win, for example?


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    KildareP wrote: »
    That question is in many ways subjective.


    If I were to ask you what you thought of Cambridge Analytica and their involvement in Donald Trump's election win, for example?

    Did you miss this bit?
    If used properly


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    Did you miss this bit?
    Define "properly".


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    KildareP wrote: »
    Define "properly".

    For electoral purposes.


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    For electoral purposes.
    Which is exactly what Donald Trump used Cambridge Analytica for.


  • Registered Users Posts: 27,986 ✭✭✭✭AndrewJRenko


    KildareP wrote: »
    This is what the Irish DPC and UK ICO are currently investigating.

    So you don't know and I don't know and Blanch doesn't know, even though they've somehow already decided that this is an 'offence'.


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    So you don't know and I don't know and Blanch doesn't know, even though they've somehow already decided that this is an 'offence'.
    Until the DPC/ICO complete their investigation and publish their report, then no, none of us can state they are found guilty of an offence, until they have, well, been found guilty.


    However it is widely reported they were already established not to be in compliance with at least two areas of GDPR so far:
    (1) that SF were required to appoint a Data Protection Officer, but did not
    (2) that SF were required to carry out a risk assessment on the data collection activity, but did not.


    The question of whether they had the consent on the profiling aspect remains to be seen also.


  • Registered Users Posts: 27,034 ✭✭✭✭blanch152


    KildareP wrote: »
    Until the DPC/ICO complete their investigation and publish their report, then no, none of us can state they are found guilty of an offence, until they have, well, been found guilty.


    However it is widely reported they were already established not to be in compliance with at least two areas of GDPR so far:
    (1) that SF were required to appoint a Data Protection Officer, but did not
    (2) that SF were required to carry out a risk assessment on the data collection activity, but did not.


    The question of whether they had the consent on the profiling aspect remains to be seen also.

    It is not just widely reported, it was confirmed by Mary-Lou herself on Prime Time that SF are not in compliance with GDPR and that previous statements that they were were false.


  • Registered Users Posts: 27,034 ✭✭✭✭blanch152


    I'm wondering if that is too restrictive? If used properly what is the harm in gathering this kind of data?
    The worst that can happen is the data is wrong and the profiled votes another way?

    That is extremely naive. A political party building a database on every single voter in the country doesn't alarm you in any way?


  • Posts: 3,801 ✭✭✭[Deleted User]


    KildareP wrote: »
    That question is in many ways subjective.


    If I were to ask you what you thought of Cambridge Analytica and their involvement in Donald Trump's election win, for example?

    I’d say that has been widely disproven and is a moral panic.

    With regard to the property register and the electoral register I would rather that neither were online. My experience with GDPR is a fair amount of extra work at work and little benefit in terms of spam etc. Those guys weren’t obeying the rules to begin with.


  • Advertisement
  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    KildareP wrote: »
    Which is exactly what Donald Trump used Cambridge Analytica for.

    Cambridge Analytica are a private consulting firm.

    I am talking about a political party doing this and using it for electoral purposes.


  • Registered Users Posts: 27,986 ✭✭✭✭AndrewJRenko


    blanch152 wrote: »
    It is not just widely reported, it was confirmed by Mary-Lou herself on Prime Time that SF are not in compliance with GDPR and that previous statements that they were were false.

    Just to be clear, what you said was; "there are offences which are much more serious than others, such as centralised databases with the electoral register used to profile voters". That is false. A centralised database with the electoral register used to profile voters is not an offence under GDPR.

    It remains to be seen whether the SF database complied with GDPR. But there is not in principle wrong with such a database.


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    blanch152 wrote: »
    That is extremely naive. A political party building a database on every single voter in the country doesn't alarm you in any way?

    Not particularly, given I have known since the 70's that political parties do this.

    If I could use a gun analogy, there is nothing inherently wrong with a gun, it is what it is used for is the problem.

    What is the problem (nobody has outlined one) using this data for canvassing and electoral purposes?


    Again, I think a DPC doing their job properly could keep an eye on stuff like this. He/she is supposed to be anyway and I hope questions are asked why so many issues across parties in compliance, as it is.


  • Registered Users Posts: 27,034 ✭✭✭✭blanch152


    Just to be clear, what you said was; "there are offences which are much more serious than others, such as centralised databases with the electoral register used to profile voters". That is false. A centralised database with the electoral register used to profile voters is not an offence under GDPR.

    It remains to be seen whether the SF database complied with GDPR. But there is not in principle wrong with such a database.

    If the database consists of the electoral register and nothing else, there is no problem. The question, is to what purpose is such a database, unless you include other information garnered from voters. Unless you get the consent of every single voter for that other information you put on that database, then there is a problem, and it is a big one, given the nature of the database.


  • Registered Users Posts: 1,410 ✭✭✭KildareP


    Cambridge Analytica are a private consulting firm.

    I am talking about a political party doing this and using it for electoral purposes.
    That is some impressive contortion! :)

    Either it's acceptable practice or it's not.

    Let's consider another example - the HSE/Dept of Health building "dossiers" from private and confidential patient medical records of people it considers are very likely to sue them in the future. All done in house. Is that acceptable?


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    blanch152 wrote: »
    If the database consists of the electoral register and nothing else, there is no problem. The question, is to what purpose is such a database, unless you include other information garnered from voters. Unless you get the consent of every single voter for that other information you put on that database, then there is a problem, and it is a big one, given the nature of the database.

    The question I asked is, what is the problem with that, if it is used for more efficient electioneering?

    Is GDPR getting in the way here?


  • Registered Users Posts: 66,303 ✭✭✭✭FrancieBrady


    KildareP wrote: »
    That is some impressive contortion! :)

    Either it's acceptable practice or it's not.

    Let's consider another example - the HSE/Dept of Health building "dossiers" from private and confidential patient medical records of people it considers are very likely to sue them in the future. All done in house. Is that acceptable?

    What?

    I am asking about using this information properly, as a tool to be more efficient, not for nefarious improper use.


  • Registered Users Posts: 27,034 ✭✭✭✭blanch152


    Not particularly, given I have known since the 70's that political parties do this.

    If I could use a gun analogy, there is nothing inherently wrong with a gun, it is what it is used for is the problem.

    What is the problem (nobody has outlined one) using this data for canvassing and electoral purposes?


    Again, I think a DPC doing their job properly could keep an eye on stuff like this. He/she is supposed to be anyway and I hope questions are asked why so many issues across parties in compliance, as it is.

    As someone else said, every organisation will have inadvertent and minor breaches of GDPR from time to time, given the nature of GDPR. However, a deliberately constructed database using information from voters obtained and stored without their consent is a horse of a very different colour.

    There is no problem using the electoral register for canvassing and political purposes i.e. to identify where voters live and how many voters are in a particular dwelling or to address a general letter or election material to each individual. Those are the types of things the electoral register can be used for.

    However, once, in an organised and systematic way (and there are more important considerations if you do this electronically, such as limiting access) you add additional information, such as likely voting intentions or that this person follows Mairia Cahill or Gerry Adams on Facebook, then you are doing something that is a huge problem because you don't have consent.

    As for the DPC, they are doing their job, and I look forward to seeing the outcome.


  • Registered Users Posts: 1,493 ✭✭✭crossman47


    KildareP wrote: »
    Profiling requires consent.


    Taking the electoral register and blindly knocking on doors is not profiling.


    Taking the electoral register, then adding additional information from other sources to it in order to build a better picture of each individual voter to better target them with a view to securing their vote for you is profiling.

    Is it any different to the old pen and paper approach of marking likely voters on the register to ensure, for example, they got a lift to the polling station?


  • Advertisement
  • Registered Users Posts: 8,248 ✭✭✭Gloomtastic!


    Niall Ring, the former Dublin mayor, was up before the courts owing hundreds of 1000s on his €1million mortgage for his palatial house in Clontarf.

    The loan had been repaid in full your honour. Where did the funds come from? the judge asked.

    Ring’s lawyer said he couldn’t disclose that due to GDPR.

    Ok, said the judge. Next!

    You really couldn’t make this up.

    http://www.irishtimes.com/news/crime-and-law/bank-s-1m-claim-to-dublin-mayor-s-home-struck-out-1.3793766?mode=amp


Advertisement