GDPR and Irish politics.

Floppybits

cee_jay wrote: »

How do you propose they monitor databases they have no knowledge of?

Of course they know there is a database they probably just don't know where it is being hosted. One of the problems if they hired a 3rd party to set this up for them using cloud hosting.

In saying that they should have still got all the information from whoever set the thing up like where the hosting server is based, database details and other such information. Now whether Mary Lou knows those exact details I would doubt it. I know from my own work in IT that the higher ups rarely know the details of server names or where they are hosted and nowadays all you have to say is its in the cloud and most managers will be lost.

KildareP

FrancieBrady wrote: »

I honestly don't believe that recording what is in fact a guess (how somebody might vote) beside a name in the electoral register is a crime of any magnitude.

Nobody is saying why this is a bad thing.

If somebody is using data improperly that is wrong and should not happen (Can we put the CA and conspiracy stuff to one side and discuss 'proper use')

OK, if someone approached me tomorrow to say "build a database that will win our party an election" (after all, why would you go to the effort of building a database, if not to increase your chances at winning elections?), my questions will be:

Who is registered to vote? Well that's the electoral register.
Offers absolutely no insight whatsoever! May as well just lookup the electoral register directly each time you need to know.

So I need to ask more questions and then establish more detail outside of the electoral register.

Do these people vote for our party?
If yes, great!

If no, why not?
Simply knowing they do not vote for our party is of little additional use beyond knowing they're registered to vote.
We need to convert them into voters.

I need to know who they vote for instead?
What is instead's party doing that our party is not?
What could our party do that would make them consider voting for us?
Do they not vote for anyone else because they feel disillusioned?
Or do they just not bother voting at all because they couldn't be bothered?

To start getting an idea of what might make them consider our party, I'd need to establish what sort of things matter to this person and so I'd need to know things like:

How old are they?
Where did they go to school?
Have they gone to college? What did they study?
Do they still live with their parents?
If they've moved out, are they renting and sharing, renting alone, have bought their own house, used help to buy, or availed of affordable housing?
Whereabouts do they live? Where did they live previously?
Do they have a car? What type of car? How old is it?
Do they work? What do they work at? Where do they work? How long have they worked there and any jobs previous?
How much do they earn?
Have they got a pension?
Have they get private health insurance?
Are they married? Have they got kids?

Suddenly I'm looking to gather quite a large amount of extremely private and sensitive information about individuals. But if I argue it's OK to do it under the guise of doing so for "electoral purposes", is that still OK?

And that's the problem - where do you draw the line on when it's still deemed to be "using this information properly" for "electoral purposes" and when that's no longer the case?

Who even gets to draw the line, in the absence of GDPR?

Do I not have the right to not be profiled in this manner?

Do I not have the right to make sure my sensitive information collected and stored about me is not at risk of being leaked in a breach?

Of course - I'm not saying this is what Sinn Fein have done, none of us know what is in their database at this time.

But arguing the GDPR shouldn't apply where information is being collected for "electoral purposes" is very open to interpretation as above.

This is exactly the sort of scenario that the GDPR was brought in to define.

beakerjoe

Jimbob1977 wrote: »

GDPR is a suffocating piece of legislation.

Person A: I need you to furnish me with xyz report immediately.

Person B: Sorry, I can't

Person A: Why not?

Person B: Under GDPR, you made me delete the report last month, remember?

It is an over-engineered piece of legislation that has frustrated commerce.

Its really not hard to understand.

Most people/organizations just either fear it, dont understand it or simply use it as a blanket defence for their own devices.

beakerjoe

Floppybits wrote: »

Of course they know there is a database they probably just don't know where it is being hosted. One of the problems if they hired a 3rd party to set this up for them using cloud hosting.

.

How would they have knowledge? Crystal ball?

beakerjoe

Colonel Claptrap wrote: »

Which arm of SF has access to the data?

SF Dublin?
SF Belfast?
SF Frankfurt?

Most likely appropriately authorized personal. Those who need the data to carry out their duties. Once they have a lawful basis to process the data, it all may be legal.

markodaly

FrancieBrady wrote: »

Cambridge Analytica are a private consulting firm.

I am talking about a political party doing this and using it for electoral purposes.

How is that different?
SF is a private political party?


Regardless, the only reason this thread exists is to take the heat from SF because they got caught with their hand in the cookie jar.

Now that MLMD has admitted to very serious breaches in relation to GDPR, we need to 'talk about GDPR' and how it's a 'negative' thing....

Classic!

beakerjoe

markodaly wrote: »

How is that different?
SF is a private political party?


Regardless, the only reason this thread exists is to take the heat from SF because they got caught with their hand in the cookie jar.

Now that MLMD has admitted to very serious breaches in relation to GDPR, we need to 'talk about GDPR' and how it's a 'negative' thing....

Classic!

imo, they arent very serious breaches.

I didn’t realise there was a GDPR case against Cambridge Analytica.

Overheal

Jimbob1977 wrote: »

GDPR is a suffocating piece of legislation.

Person A: I need you to furnish me with xyz report immediately.

Person B: Sorry, I can't

Person A: Why not?

Person B: Under GDPR, you made me delete the report last month, remember?

It is an over-engineered piece of legislation that has frustrated commerce.

That's an awfully vague example.

Overheal

fvp4 wrote: »

I didn’t realise there was a GDPR case against Cambridge Analytica.

I think you realize that the reference was made with regard to how data can be misused with regard to elections.

FrancieBrady

KildareP wrote: »

OK, if someone approached me tomorrow to say "build a database that will win our party an election" (after all, why would you go to the effort of building a database, if not to increase your chances at winning elections?), my questions will be:

Who is registered to vote? Well that's the electoral register.
Offers absolutely no insight whatsoever! May as well just lookup the electoral register directly each time you need to know.

So I need to ask more questions and then establish more detail outside of the electoral register.

Do these people vote for our party?
If yes, great!

If no, why not?
Simply knowing they do not vote for our party is of little additional use beyond knowing they're registered to vote.
We need to convert them into voters.

I need to know who they vote for instead?
What is instead's party doing that our party is not?
What could our party do that would make them consider voting for us?
Do they not vote for anyone else because they feel disillusioned?
Or do they just not bother voting at all because they couldn't be bothered?

To start getting an idea of what might make them consider our party, I'd need to establish what sort of things matter to this person and so I'd need to know things like:

How old are they?
Where did they go to school?
Have they gone to college? What did they study?
Do they still live with their parents?
If they've moved out, are they renting and sharing, renting alone, have bought their own house, used help to buy, or availed of affordable housing?
Whereabouts do they live? Where did they live previously?
Do they have a car? What type of car? How old is it?
Do they work? What do they work at? Where do they work? How long have they worked there and any jobs previous?
How much do they earn?
Have they got a pension?
Have they get private health insurance?
Are they married? Have they got kids?

Suddenly I'm looking to gather quite a large amount of extremely private and sensitive information about individuals. But if I argue it's OK to do it under the guise of doing so for "electoral purposes", is that still OK?

And that's the problem - where do you draw the line on when it's still deemed to be "using this information properly" for "electoral purposes" and when that's no longer the case?

Who even gets to draw the line, in the absence of GDPR?

Do I not have the right to not be profiled in this manner?

Do I not have the right to make sure my sensitive information collected and stored about me is not at risk of being leaked in a breach?

Of course - I'm not saying this is what Sinn Fein have done, none of us know what is in their database at this time.

But arguing the GDPR shouldn't apply where information is being collected for "electoral purposes" is very open to interpretation as above.

This is exactly the sort of scenario that the GDPR was brought in to define.

If it happening despite GDPR dont we need to look at how to allow perfectly normal efficiencies?
It seems to be law designed with a finger in a dyke methodology and is not fit for purpose.

beakerjoe

Overheal wrote: »

That's an awfully vague example.

It is......

I had an online order from a department store a year or so ago, collected it from Store, removed the packaging, asked the assistant could I bin the packaging.

she replied she couldnt as it was against GDPR.

Thats not GDPR gone made, its people either using GDPR as an excuse not to do something or fear of falling foul of GDPR.

Either way the issue wasnt GDPR, its the stores lack of understanding of GDPR.

FrancieBrady

markodaly wrote: »

How is that different?
SF is a private political party?

Are you saying political parties shouldn't be allowed to gather any data for electoral purposes?

Overheal

Overheal wrote: »

I think you realize that the reference was made with regard to how data can be misused with regard to elections.

Someone mentioned CA because there’s a moral panic about Facebook targeting which is largely due to Facebook’s algorithms itself and is still happening. It’s not really related. All pre GDPR.

It’s clear that nobody really knows much about GDPR despite experts turning up on forums to tell is they do. Do SF have a legitimate business use case here? Has anybody really ascertained that?

expectationlost

skimpydoo wrote: »

Mary Lou said last night that SF used to have a data compliance offer but now have a data protection officer. It looks like they might have been slightly confused about GDPR and I am sure other political parties were as equally confused no matter how you try to spin it.

so the problem was they didn't change one word in their job title?

expectationlost

cee_jay wrote: »

How do you propose they monitor databases they have no knowledge of?

be proactive

beakerjoe

FrancieBrady wrote: »

Are you saying political parties shouldn't be allowed to gather any data for electoral purposes?

Its publicly available information, once they are responsible with it is what matters.

expectationlost

beakerjoe wrote: »

It is......

I had an online order from a department store a year or so ago, collected it from Store, removed the packaging, asked the assistant could I bin the packaging.

she replied she couldnt as it was against GDPR.

Thats not GDPR gone made, its people either using GDPR as an excuse not to do something or fear of falling foul of GDPR.

Either way the issue wasnt GDPR, its the stores lack of understanding of GDPR.

it also has nothing to do with politics

beakerjoe

expectationlost wrote: »

be proactive

Elaborate? What should the DPC do exactly?

markodaly

FrancieBrady wrote: »

Are you saying political parties shouldn't be allowed to gather any data for electoral purposes?

Are you saying any private entity should be allowed to gather any data for electoral purposes?

beakerjoe

expectationlost wrote: »

it also has nothing to do with politics

the example may have nothing directly, but my point is that organizations usually just fear or dont understand how GDPR works.

FrancieBrady

markodaly wrote: »

Are you saying any private entity should be allowed to gather any data for electoral purposes?

Yes, if that is what it is for.
Can you answer the question I asked now?

FrancieBrady

beakerjoe wrote: »

Elaborate? What should the DPC do exactly?

Ask questions? And go from there = proactive.

beakerjoe

FrancieBrady wrote: »

Ask questions? And go from there = proactive.

????

What questions though? Their is no onus for the DPC to investigate unless they had evidence that data wasnt being used responsibly.

They have recently wrote to SF seeking clarity and it seems advice was given on best practice.

The DPC cant assume every organisation is misusing data,

To me the biggest problem in relation to GDPR and politics is that the Government sets the rate of funding that the DPC (https://www.irishtimes.com/business/technology/data-protection-commission-acutely-strained-by-big-tech-cases-1.4457683) will receive every year and has consistently set it below what needs to be done to run an effective service. We cannot try and be the tech capital of Europe and also have a terribly funded DPC.

Anyone who has had any dealings with the DPC will tell you that they are incredibly slow moving, there is currently a judical review pending against them for taking 2 years to get to the report stage of a case (https://noyb.eu/en/irish-high-court-judicial-review-against-dpc-admitted) personally I am almost 2 years into a case with them and its not even near a preliminary report stage because they're dragging their feet so much. However if you're a well connected politician you can somehow get a full statutory inquiry by the DPC into a newspaper publishing information you put online yourself in no time at all (https://www.independent.ie/irish-news/news/data-commission-investigates-complaint-from-maria-bailey-40218386.html)

FrancieBrady

beakerjoe wrote: »

????

What questions though? Their is no onus for the DPC to investigate unless they had evidence that data wasnt being used responsibly.

They have recently wrote to SF seeking clarity and it seems advice was given on best practice.

The DPC cant assume every organisation is misusing data,

'Do you have a database?' 'Can you tell us the following....'

Proactive. Not hard work is it?
Give them powers if they dont have them, accept the world is changing and things are going to become digiral. Strikes me the lax reactive environment suited everyone.

beakerjoe

Deleted User wrote: »

To me the biggest problem in relation to GDPR and politics is that the Government sets the rate of funding that the DPC (https://www.irishtimes.com/business/technology/data-protection-commission-acutely-strained-by-big-tech-cases-1.4457683) will receive every year and has consistently set it below what needs to be done to run an effective service. We cannot try and be the tech capital of Europe and also have a terribly funded DPC.

Anyone who has had any dealings with the DPC will tell you that they are incredibly slow moving, there is currently a judical review pending against them for taking 2 years to get to the report stage of a case (https://noyb.eu/en/irish-high-court-judicial-review-against-dpc-admitted) personally I am almost 2 years into a case with them and its not even near a preliminary report stage because they're dragging their feet so much. However if you're a well connected politician you can somehow get a full statutory inquiry by the DPC into a newspaper publishing information you put online yourself in no time at all (https://www.independent.ie/irish-news/news/data-commission-investigates-complaint-from-maria-bailey-40218386.html)

How do you know Ms Bailey didnt submit her complaint before you?

beakerjoe

FrancieBrady wrote: »

'Do you have a database?' 'Can you tell us the following....'

Proactive. Not hard work is it?
Give them powers if they dont have them, accept the world is changing and things are going to become digiral. Strikes me the lax reactive environment suited everyone.

Every business has a database, they havent the resources to do what your asking.

Our Government just doesn't have the money to fund it. Like every state agency.

FrancieBrady

beakerjoe wrote: »

Every business has a database, they havent the resources to do what your asking.

Our Government just doesn't have the money to fund it. Like every state agency.

What resources do you need to ask questions?

beakerjoe

FrancieBrady wrote: »

What resources do you need to ask questions?

Seriously? You need employees. they dont have an endless supply of employees. Its a very small organization.

blanch152

FrancieBrady wrote: »

'Do you have a database?' 'Can you tell us the following....'

Proactive. Not hard work is it?
Give them powers if they dont have them, accept the world is changing and things are going to become digiral. Strikes me the lax reactive environment suited everyone.

Like all democratic organisations, the DPC operate on the presumption of innocence. I know that it is a difficult concept to understand for some.

Floppybits

beakerjoe wrote: »

How would they have knowledge? Crystal ball?

Nah not really. They should have been told the data centre location. But as I said if set up by a third party it is probably buried in some document and let's be real what political leader would be reading that.

FrancieBrady

beakerjoe wrote: »

Seriously? You need employees. they dont have an endless supply of employees. Its a very small organization.

Well then you have to say this is not something governments have felt was important? If they wont resource the waychdog properly.

beakerjoe

FrancieBrady wrote: »

Well then you have to say this is not something governments have felt was important? If they wont resource the waychdog properly.

On the list of priorities, its probably not that high.

Floppybits

FrancieBrady wrote: »

'Do you have a database?' 'Can you tell us the following....'

Proactive. Not hard work is it?
Give them powers if they dont have them, accept the world is changing and things are going to become digiral. Strikes me the lax reactive environment suited everyone.

DPC oversees that companies and parties are abiding by the GDPR rules. It is up to the companies, parties and organisations to have the setup with their own organisations to ensure gdpr is being implemented.

markodaly

FrancieBrady wrote: »

Yes, if that is what it is for.

Brilliant!

I don't think you even know what you just admitted!

expectationlost

beakerjoe wrote: »

Every business has a database, they havent the resources to do what your asking.

Our Government just doesn't have the money to fund it. Like every state agency.

if only there were large companies earning billions operating here they could tax

beakerjoe

expectationlost wrote: »

if only there were large companies earning billions operating here they could tax

Who would then leave.

expectationlost

beakerjoe wrote: »

????

What questions though? Their is no onus for the DPC to investigate unless they had evidence that data wasnt being used responsibly.

They have recently wrote to SF seeking clarity and it seems advice was given on best practice.

The DPC cant assume every organisation is misusing data,

they can look at organisations that are in special category like political parties, read the news, see if anything is trouble the foundations of democracy perhaps.

expectationlost

beakerjoe wrote: »

Who would then leave.

if you increased their tax by 0.0000000000000001% would they leave?

KildareP

FrancieBrady wrote: »

'Do you have a database?' 'Can you tell us the following....'

Proactive. Not hard work is it?
Give them powers if they dont have them, accept the world is changing and things are going to become digiral. Strikes me the lax reactive environment suited everyone.

Well, you see Francie, here's the problem.

Under the GDPR:
Sinn Fein were supposed to appoint a DPC - they didn't.
Sinn Fein were supposed to do a risk assessment - they didn't.
Sinn Fein are supposed to obtain consent if they are profiling individuals - remains to be seen whether they did this.

But now the DPC is investigating them, you tell us in the opening post that the GDPR is "too restrictive" and are in effect suggesting it should be done away with while simultaneously criticising the DPC for not being proactive.

It seems SF have done no wrong and can do no wrong in your eyes so I'm not sure we're going to get any further in this discussion!

blanch152

KildareP wrote: »

Well, you see Francie, here's the problem.

Under the GDPR:
Sinn Fein were supposed to appoint a DPC - they didn't.
Sinn Fein were supposed to do a risk assessment - they didn't.
Sinn Fein are supposed to obtain consent if they are profiling individuals - remains to be seen whether they did this.

But now the DPC is investigating them, you tell us in the opening post that the GDPR is "too restrictive" and are in effect suggesting it should be done away with while simultaneously criticising the DPC for not being proactive.

It seems SF have done no wrong and can do no wrong in your eyes so I'm not sure we're going to get any further in this discussion!

You know that Shinnister Tom and Jerry picture that isn't a threatening gun, but a symbol of something backfiring. Would it be suitable for the OP, given the reaction to this thread?

Overheal

markodaly wrote: »

Brilliant!

I don't think you even know what you just admitted!

What did they admit?

Overheal

expectationlost wrote: »

if you increased their tax by 00000000000000000.1% would they leave?

You mean 0.1% ? :pac:

elperello

Does anyone have any idea what a profile in such a file would look like?

I'm wondering what sort of information would a profile contain?

Would it be compiled to a template or just individual party activists doing their own thing?

Maybe someone might do up a dummy profile for John A Citizen to show us.

Overheal

elperello wrote: »

Does anyone have any idea what a profile in such a file would look like?

I'm wondering what sort of information would a profile contain?

Would it be compiled to a template or just individual party activists doing their own thing?

Maybe someone might do up a dummy profile for John A Citizen to show us.

given that it's likely if you're a voter or whatever you're including and the database, and I would think you have some kind of Freedom of Information law, couldn't you request a copy of data personally tied to you and see how it looks and whats in it?

elperello

Overheal wrote: »

given that it's likely if you're a voter or whatever you're including and the database, and I would think you have some kind of Freedom of Information law, couldn't you request a copy of data personally tied to you and see how it looks and whats in it?

Thanks, I understand that one is entitled to know what data is being held about you but I was thinking of something more immediate to help the debate along.

As for myself I'm considering not engaging with any canvassers until this issue is clarified.

beakerjoe

beakerjoe wrote: »

How do you know Ms Bailey didnt submit her complaint before you?

Because I know when I submitted my complaint and it was before the newspaper had published the report on her being in the 10k race so unless she has the power of premonition I know I submitted mine first.

I'm not saying my case warrants a statutory inquiry but I am saying that people who have political connections get processes like this done quicker than those of us that don't

maccored

blanch152 wrote: »

If the database consists of the electoral register and nothing else, there is no problem. The question, is to what purpose is such a database, unless you include other information garnered from voters. Unless you get the consent of every single voter for that other information you put on that database, then there is a problem, and it is a big one, given the nature of the database.

This would affect ALL political parties - so the next few weeks and months should be interesting til we see what falls out of the tree. Im sure though blanch152, you'll find excuses where suits

maccored

KildareP wrote: »

Well, you see Francie, here's the problem.

Under the GDPR:
Sinn Fein were supposed to appoint a DPC - they didn't.
Sinn Fein were supposed to do a risk assessment - they didn't.
Sinn Fein are supposed to obtain consent if they are profiling individuals - remains to be seen whether they did this.

But now the DPC is investigating them, you tell us in the opening post that the GDPR is "too restrictive" and are in effect suggesting it should be done away with while simultaneously criticising the DPC for not being proactive.

It seems SF have done no wrong and can do no wrong in your eyes so I'm not sure we're going to get any further in this discussion!

Sinn Fein were supposed to appoint a DPC - they didn't. - they have
Sinn Fein were supposed to do a risk assessment - they didn't. - they have
Sinn Fein are supposed to obtain consent if they are profiling individuals - remains to be seen whether they did this. - this is gossip, and in fact in the program you mentioned earlier, it was agreed there was nothing to back this up