It's GDPR gone mad, so it is

Quantum Erasure · 28-01-2020 8:16pm #1

I saw on the RTE news there that the HSE couldn't give out the locations of community defibrillator units, as it would be a breach of GDPR, so some lad decided to map them all (in Laois at least) and make the locations publicly available (article here, which doesn't give a link to the app or site or whatever...)

...And just after that report, there was a report about the GAA advising trainers / managers not to communicate with teams over Whatsapp, due to GDPR fears, and that the GAA will be setting up their own messaging app... whatever difference that will make, I don't know.

So, are these reasonable measures, or is it GDPR gone mad ?

Atlantic Dawn · 28-01-2020 8:17pm

Yes saw this myself, couldn't understand it, going by those rules a phonebook is a breach of GDPR.

Salary Negotiator · 28-01-2020 8:18pm

How hard is it to get the owners of the property to sign a waiver.

CrankyHaus · 28-01-2020 8:19pm

Quantum Erasure wrote: »

I saw on the RTE news there that the HSE couldn't give out the locations of community defibrillator units, as it would be a breach of GDPR, so some lad decided to map them all (in Laois at least) and make the locations publicly available (article here, which doesn't give a link to the app or site or whatever...)

...And just after that report, there was a report about the GAA advising trainers / managers not to communicate with teams over Whatsapp, due to GDPR fears, and that the GAA will be setting up their own messaging app... whatever difference that will make, I don't know.

So, is it GDPR gone mad, or are these reasonable measures?

Both examples sound like either a poor understanding of GDPR or using it as an excuse for laziness.

Other examples like the DPC opposing communities installing CCTV to protect against burglary are more concerning.

joebloggs32 · 28-01-2020 8:19pm

I don't think its GDPR gone mad......its the idiots who are afraid to say/do anything through a misguided fear of falling foul of it.

F34 · 28-01-2020 8:19pm

Some jobsworth in the HSE being an ass more than anything.

Didn’t the OPW have some lemon try to outlaw visitor books until they were told to cop on.

odyssey06 · 28-01-2020 8:19pm

Call me a cynic or is it coincidental that all these vague citings of GDPR are done in the name of actually doing less work???

Harry Palmr · 28-01-2020 8:20pm

Saw that, how does GDPR get in the way of revealing the location of a life saving device?

is_that_so · 28-01-2020 8:20pm

Did anyone say which regulations it breaks? Sounds like nonsense.

Obvious Desperate Breakfasts · 28-01-2020 8:27pm

The acronym I am sick of the mostest. And the bores who glom on to it to make themselves sound important.

beauf · 28-01-2020 8:45pm

odyssey06 wrote: »

Call me a cynic or is it coincidental that all these vague citings of GDPR are done in the name of actually doing less work???

In my experience it creates loads of completely pointless extra work.

odyssey06 · 28-01-2020 8:47pm

beauf wrote: »

In my experience it creates loads of completely pointless extra work.

For productive employees or does it 'create' a completely pointless extra job to oversee the pointlessness

punisher5112 · 28-01-2020 8:49pm

It's easier to do nothing, easier again to pass the can...

Absolutely ridiculous, these units should be known where they can be grabbed when needed.

whisky_galore · 28-01-2020 8:54pm

HSE on top form again, it's like something out of the former Soviet Union in terms of bloated inefficiency and unaccountablility.

riffmongous · 28-01-2020 8:57pm

A load of bull****.

I'm (EU but not Ireland) signed up for an app that alerts you to anyone within 5 minutes distance who has called in a cardiac arrest and guides you to the next defi and then to the patient, no problems with giving the locations of every single defi in the city

Sleeper12 · 28-01-2020 8:58pm

Atlantic Dawn wrote:

Yes saw this myself, couldn't understand it, going by those rules a phonebook is a breach of GDPR.

I don't disagree with you but with the phone book you volunteer the information & ask that it's put in the phone book (if we still have phone books). It would be a breach if you wanted to be ex directory but they published your details anyway.

I do get your point though

marieholmfan · 28-01-2020 8:59pm

The GAA building its own whatsapp clone is a disaster waiting to happen

angel eyes 2012 · 28-01-2020 9:05pm

On reading the article it appears that a number of the devices have been locked away on private property, therefore it wouldn't be appropriate to publish the address of the private individuals in the circumstances unless the individuals had given their explicit consent for their personal data ie name, address etc. to be made available or if the HSE rolls out contracts for the provision of defibrillators in these locations.

From my understanding of the article there is no data protection issue in providing details on the location of devices available in public places as there is no personal data to protect.

Edgware · 28-01-2020 9:08pm

It has replaced Health and Safety as an excuse for officials to do nothing

Sleeper12 · 28-01-2020 9:10pm

angel eyes 2012 wrote:

From my understanding of the article there is no data protection issue in providing details on the location of devices available in public places as there is no personal data to protect.

Ah Jasus. Where are you going, with your reading the full article? We were enjoying having a good old moan and you come charing in with facts! Jasus wept

Dravokivich · 28-01-2020 9:14pm

WhatsApp is a 3rd party messaging app. People may not want their information going through it.

The location of publically accessible defibrillators should be posted. Its no more trivial than where's the nearest petrol station.

Dravokivich · 28-01-2020 9:15pm

Atlantic Dawn wrote: »

Yes saw this myself, couldn't understand it, going by those rules a phonebook is a breach of GDPR.

No it isnt. GDPR is about the purposes of retaining data.

CrankyHaus · 28-01-2020 9:19pm

angel eyes 2012 wrote: »

On reading the article it appears that a number of the devices have been locked away on private property, therefore it wouldn't be appropriate to publish the address of the private individuals in the circumstances unless the individuals had given their explicit consent for their personal data ie name, address etc. to be made available or if the HSE rolls out contracts for the provision of defibrillators in these locations.

From my understanding of the article there is no data protection issue in providing details on the location of devices available in public places as there is no personal data to protect.

If that is the case then why did any contract between the HSE and private individuals for the provision of the defibrillator not include contracted disclosure of their locations to the public?

GDPR is a 2016 regulation that was years in development and isn't a huge departure from our preexisting Data Protection Acts going back to 1988. It's hardly a bolt from the blue that the HSE are struggling to adapt to.

listermint · 28-01-2020 9:23pm

Dravokivich wrote: »

WhatsApp is a 3rd party messaging app. People may not want their information going through it.

The location of publically accessible defibrillators should be posted. Its no more trivial than where's the nearest petrol station.

You can remove from group or just not join a team sport if you are going to be such a sad sack to give out about gdpr arranging training sessions.

angel eyes 2012 · 28-01-2020 9:29pm

CrankyHaus wrote: »

If that is the case then why did any contract between the HSE and private individuals for the provision of the defibrillator not include contracted disclosure of their locations to the public?

GDPR is a 2016 regulation that was years in development and isn't a huge departure from our preexisting Data Protection Acts going back to 1988. It's hardly a bolt from the blue that the HSE are struggling to adapt to.

I am only reading the OP's linked article and there is nothing to say that the HSE actually owns these defibrillators, perhaps the communities just purchased them for their own local activities. Suddenly someone suggested that a map showing the location of all the devices would be very beneficial and asked the HSE to prepare the map.

Now either the HSE doesn't "own" the privately stored devices or they assisted with the rollout of devices and overlooked ensuring any contracts had data protection covered. (I am guessing it's the former).
Again, there is nothing stopping them providing location information on devices located in public areas ie local Garda station, local park etc.

marieholmfan · 28-01-2020 9:30pm

Maybe someone promised it would be done by Feb 1 and hasn't started and needs to delay a bit.

Thargor · 28-01-2020 10:05pm

Slightly o/t but I see those defibrillators sited in some dodgy places around Dublin and Bray and they never seem to get stolen or vandalized, one place in particular in Bray I said WTF are they thinking when I saw it but a couple of years later not a scratch on it, nice to see.

Dravokivich · 28-01-2020 10:07pm

listermint wrote: »

You can remove from group or just not join a team sport if you are going to be such a sad sack to give out about gdpr arranging training sessions.

They dont have to be arranged via WhatsApp. And it's not about removing from a group either. The concern is with being someone who doesnt want their information handled through a 3rd party service. Which in this case would be whatsapp. Especially if it's not a service one uses.

Elemonator · 28-01-2020 10:09pm

It is a lazy attempt and a total misinterpretation of GDPR. GDPR applies to businesses or entities that process data as part of their operations ie. commercial. Personal use is exempt (so don’t worry about your dash cam). I really can’t see how the location of a medical device is any issue.

Mrs OBumble · 28-01-2020 10:17pm

The HSE don't provide the defibs. If they published a list, and your relative died because someone went to the place of the list only to find that the unit wasn't there anymore (because the owner decided to move it or lock it away or whatever), then you might try suing the HSE for their death.

If you think you need a defib, just call the emergency number and follow their instructions.

And the GAA is justified. Problems they've had include parents sharing inappropriate material to a group and then leaving it. When this happens, the GAA have no way to deleting the material.

The whole WhatsApp thing is a nightmare. I started a new contract 2 months ago, and was told to get a certain manager to add me to the company WhatsApp. So far have just ignored the request, because I really don't fancy giving my private mobile number to all my colleagues. But the question is going to come up again.

angel eyes 2012 · 28-01-2020 10:21pm

Elemonator wrote: »

It is a lazy attempt and a total misinterpretation of GDPR. GDPR applies to businesses or entities that process data as part of their operations ie. commercial. Personal use is exempt (so don’t worry about your dash cam). I really can’t see how the location of a medical device is any issue.

Not correct. Public bodies such as Government Departments etc. and in the case the HSE are all non-commercial bodies and must comply with the GDPR.

joebloggs32 · 28-01-2020 10:27pm

Dravokivich wrote: »

They dont have to be arranged via WhatsApp. And it's not about removing from a group either. The concern is with being someone who doesnt want their information handled through a 3rd party service. Which in this case would be whatsapp. Especially if it's not a service one uses.

I think we found the sad sack!

28-01-2020 10:27pm

joebloggs32 wrote: »

I don't think its GDPR gone mad......its the idiots who are afraid to say/do anything through a misguided fear of falling foul of it.

On the flip side of that I know a man who regularly complains via email about anything he thinks is a breach of Gdpr. He does it just for the sake of it.and because he knows the law is on his side. Or maybe more precise to say, he thinks the law is on his side and he knows the people he contacts aren't too sure about the whole thing.

riffmongous · 28-01-2020 11:01pm

Mrs OBumble wrote: »

The HSE don't provide the defibs. If they published a list, and your relative died because someone went to the place of the list only to find that the unit wasn't there anymore (because the owner decided to move it or lock it away or whatever), then you might try suing the HSE for their death.

If you think you need a defib, just call the emergency number and follow their instructions.

I don't think you understand the point of providing defis in the first place, it's about speed and getting the person shocked asap, before the ambulance can arrive, especially if it takes longer than about 5-8 mins.

Capt'n Midnight · 29-01-2020 12:19am

There's a long running scam where offices in Georgian buildings in town evade avoid tax by opening their lovely ornate ceilings to the public.

Revenue won't tell An Taisce which buildings are open to the public.

dreamers75 · 29-01-2020 12:56am

Used to be a GDPR processor and controller, new job....things I dont give a fcuk about......... GDPR

And ****ing document storage boxes, they can also go fcuk themselves.

Raconteuse · 29-01-2020 1:00am

beauf wrote: »

In my experience it creates loads of completely pointless extra work.

This.

angel eyes 2012 wrote: »

On reading the article it appears that a number of the devices have been locked away on private property, therefore it wouldn't be appropriate to publish the address of the private individuals in the circumstances unless the individuals had given their explicit consent for their personal data ie name, address etc. to be made available or if the HSE rolls out contracts for the provision of defibrillators in these locations.

From my understanding of the article there is no data protection issue in providing details on the location of devices available in public places as there is no personal data to protect.

Knew it would be the above.

Edgware wrote: »

It has replaced Health and Safety as an excuse for officials to do nothing

Such shyte. People often haven't a clue what they're on about when talking about data protection.

Deleted User wrote: »

On the flip side of that I know a man who regularly complains via email about anything he thinks is a breach of Gdpr. He does it just for the sake of it.and because he knows the law is on his side. Or maybe more precise to say, he thinks the law is on his side and he knows the people he contacts aren't too sure about the whole thing.

Exactly this. Workers hate having to comply with the more stupid, pedantic aspects of data protection but they have to. It's drilled into them how serious and important it is. It means whiny customers (and conspiracy theories about an EU directive being used as an excuse to do less work) which they hardly want to visit on themselves.

But also, is it not a positive that people's data is stringently protected? I love how this legitimate barrier is dismissed as an "excuse".

Mrs OBumble · 29-01-2020 2:13am

riffmongous wrote: »

I don't think you understand the point of providing defis in the first place, it's about speed and getting the person shocked asap, before the ambulance can arrive, especially if it takes longer than about 5-8 mins.

I understand perfectly well.

Call the number and the operator will talk you thru getting things started vs running around like a headless chook looking for a piece of equipment which you likely don't know how to use and may not have access to. ( The people who do have access already know where the equipment is, they don't need the HSE to tell them.)

beauf · 29-01-2020 2:24am

I'm not sure why you quoted me.

I often am presented with the situation that in order to help someone I need their details. I can't get the details because someone thinks its a GDPR issue to give me those details.
But I will be asked to spends lots of time on the issue, to find a long winded way to get that information, which actually gives me more information than was needed in the first place.
But I will end up back at the start, because I can't give the information to the person who asked for it. Because of GDPR.

It would be like John Smith asking for password reset, but I need the email to reset it. But he won't give it to me because of GDPR. I can see a misspelling on the email, but can't tell John Smith because thats GDPR. So everyones time is wasted. (I don't actually have anything to do with passwords, I just couldn't think of a better example, and this isn't a good one, before someone picks obvious holes in it).

beauf · 29-01-2020 2:29am

Mrs OBumble wrote: »

I understand perfectly well.

Call the number and the operator will talk you thru getting things started vs running around like a headless chook looking for a piece of equipment which you likely don't know how to use and may not have access to. ( The people who do have access already know where the equipment is, they don't need the HSE to tell them.)

So only people who know where it is can be told where it is. Even though they already know. But by the time they get there, it will be too late than they won't need it anyway.

The people who don't know where it isn't can't be told. Despite those people being the only people who need the location and the only people who will be able to make best use of it.

If one is crazy, one does not have to fly missions; and one must be crazy to fly. But one has to apply to be excused, and applying demonstrates that one is not crazy. As a result, one must continue flying, either not applying to be excused, or applying and being refused.

https://en.wikipedia.org/wiki/Catch-22

raze_them_all_ · 29-01-2020 2:32am

Gdpr was basically set up to stop the likes of Facebook selling your data on.... And now it's just silly and hugely misunderstood

Fr Tod Umptious · 29-01-2020 8:31am

It's very easy to see how the WhatsApp is a concern.

Let's say you have a sports club with a kids teams, let's say under 8 girls.

The coach sets up a WhatsApp group for all the parents of the under 8 girls so that they let them know when training is, if training is cancelled, if a game has been scheduled, who can help out with x,y or z next week etc. etc.

Now in that WhatsApp group any parent (not just the coach) can see the phone number of another parent, regardless of whether that parent wants them to see it or not.
And that is the issue.

Using Whatsapp to communicate in sports clubs has been around longer than GDPR so it's very widely used and finding an alternative is difficult.

lawred2 · 29-01-2020 8:38am

Quantum Erasure wrote: »

I saw on the RTE news there that the HSE couldn't give out the locations of community defibrillator units, as it would be a breach of GDPR, so some lad decided to map them all (in Laois at least) and make the locations publicly available (article here, which doesn't give a link to the app or site or whatever...)

...And just after that report, there was a report about the GAA advising trainers / managers not to communicate with teams over Whatsapp, due to GDPR fears, and that the GAA will be setting up their own messaging app... whatever difference that will make, I don't know.

So, are these reasonable measures, or is it GDPR gone mad ?

Every club up and down the land is using Whatsapp groups... What's the actual tenet of GDPR that is apparently being broken?

lawred2 · 29-01-2020 8:40am

Fr Tod Umptious wrote: »

It's very easy to see how the WhatsApp is a concern.

Let's say you have a sports club with a kids teams, let's say under 8 girls.

The coach sets up a WhatsApp group for all the parents of the under 8 girls so that they let them know when training is, if training is cancelled, if a game has been scheduled, who can help out with x,y or z next week etc. etc.

Now in that WhatsApp group any parent (not just the coach) can see the phone number of another parent, regardless of whether that parent wants them to see it or not.
And that is the issue.

Using Whatsapp to communicate in sports clubs has been around longer than GDPR so it's very widely used and finding an alternative is difficult.

They would have had to have given their number to have it added to the group in the first place

Dial Hard · 29-01-2020 8:50am

Dravokivich wrote: »

They dont have to be arranged via WhatsApp. And it's not about removing from a group either. The concern is with being someone who doesnt want their information handled through a 3rd party service. Which in this case would be whatsapp. Especially if it's not a service one uses.

If you don't use WhatsApp then you can't be added to any groups or contacted through it. You simply don't appear in the phone book if you don't have the app downloaded and set up. You don't exist as far as WhatsApp is concerned.

Fr Tod Umptious · 29-01-2020 8:59am

lawred2 wrote: »

They would have had to have given their number to have it added to the group in the first place

This is the problem.
They would have given their number to the group administrator/coach who would have solicited it in the first place, but not to the other members of the group.

elefant · 29-01-2020 9:15am

lawred2 wrote: »

They would have had to have given their number to have it added to the group in the first place

It's probably fine in general, as long as it's made expressly clear that when you're providing your number to an administrator that you're going to be added to a whatsapp group where lots of other people you don't know at all can see the number.

It only takes one disgruntled parent to claim they gave their number to an individual coach to be updated about their kid's team only for their number to be added to a group, without opting in, where 100 other parents have access to that name/number, for things to suddenly be a potential problem.

You'd be skeptical about the GAA ever enforcing (or being able to enforce) any kind of ban on whatsapp groups but I can see why they, as an organisation, are basically saying: 'adding someone's personal details to a whatsapp group is the personal decision of a coach, and not endorsed by the GAA'.

jester77 · 29-01-2020 9:45am

It's being taken to the extreme.
I see in my creche, the children are no longer allowed to have their photo displayed. They had them on magnets for selecting daily tasks. Any list in the creche is no longer allowed to have full surnnames. If the creche takes some photos, the USB stick has to be kept in a locked safe at all times. Utter madness.

beauf · 29-01-2020 10:16am

jester77 wrote: »

It's being taken to the extreme.
I see in my creche, the children are no longer allowed to have their photo displayed. They had them on magnets for selecting daily tasks. Any list in the creche is no longer allowed to have full surnnames. If the creche takes some photos, the USB stick has to be kept in a locked safe at all times. Utter madness.

No need for photos and badges can be animals or characters.

Other than registering I can't imagine you use a surname than much. But there will be times when you need to use it.

beauf · 29-01-2020 10:18am

It's could be solved is WhatsApps allow alias and hiding numbers for some groups. That could be abused though.

lawred2 · 29-01-2020 10:25am

beauf wrote: »

No need for photos and badges can be animals or characters.

Other than registering I can't imagine you use a surname than much. But there will be times when you need to use it.

You can give the creche explicit permission for pictures. No big deal.

It's GDPR gone mad, so it is

Comments