Sinn Féin must tell voters about its election database, says watchdog
The report says that Sinn Féin' database, which takes up a chapter of the document, is legal but said that voters should be told about it.
Voters should be told of Sinn Féin's Abú system by "means of canvassing and electioneering literature", the Data Protection Commissioner has found.
The Commissioner undertook an audit of data protection by political parties earlier this year after the Sinn Féin database came to light. The audit, published today, finds that Sinn Féin is "the only political party in Ireland that maintains a database that encompasses electors'/voters' data from all parties across that State".
The report says that the database, which takes up a chapter of the document, is legal but said that voters should be told about it.
"The audit of Sinn Féin considered in detail the matter of the legal basis for the Abú database and found it was not necessary to make recommendations in that regard. However, one of the main data protection concerns that arose related to transparency and a recommendation was made in particular with regard to drawing attention to the existence of the Abú database by means of canvassing and electioneering literature."
The report says that Abú data is built on register of Electors data obtained from the relevant city or county council, marked Register data obtained from the Registrar of Dáil Éireann or the local authority (depending on the election) and canvass data which is received from canvassing activities.
Canvass Data, which is derived primarily from door-to-door canvassing, is recorded against the voter record on a scale of how likely the person is to vote for Sinn Féin ranging: Hard Support, Soft Support, Transfer, Strong Opposition, Unknown or Not In.
However, the DPC also notes that less than 6% of voters have their support marked in the database.
"Having inspected the Abú database, the Authorised Officers noted that the total number of eligible voters that are marked as to their political opinions is currently approximately 5.85% of the overall number of voters on the database. In other words, data in respect of approximately 94.15% of the eligible voters shown on the Abú database is combined Register of Electors and Marked Electoral Register data without any indicators as to the political opinions of those electors/voters.
"The Authorised Officers established that the Abú database is not used to keep a record of representations made by constituents or members of the public on political or personal matters and they were told that it is not a database of comments made or of actions to be done.
"Access to the database is strictly limited to trained users. Access is determined centrally by the database administrator. Access is controlled by geographical determinations and can be established on the basis of constituency through to townland (street) level on a granular basis."
No evidence was found during the audit that suggests that Sinn Féin has been using its social media presence, or its activities on social media platforms, to obtain or otherwise process personal data to enrich either the Abú or the party membership databases.
The report makes 80 recommendations for parties across the board, but its authors say that they have two additional concerns.
"Data processing activity in relation to the Abú database commenced in September 2019 but a data protection impact assessment was not conducted by Sinn Féin until April 2021.
"The privacy policy for the Abú database was first published on the Sinn Féin website in April 2021. Prior to its publication, no information was made available to electors/voters in any format to comply with the transparency requirements in the GDPR."
On the issue of internal polling, seven political parties were found to have conducted market research or opinion polling through the deployment of their own members, supporters or activists.
The DPC said that it was "satisfied from the findings of the audits that no personal data was processed during those activities by the political parties concerned and, on that basis, no data protection concerns arose for further consideration by the DPC".
However, the DPC did recommend that Áontu not require participants of online surveys to fill in personal data.
It found the party had four survey pages set up on its website and four Facebook posts were created on an Aontú-branded Facebook page. Personal data was collected i.e. names, email addresses, ages and gender. Aontú confirmed that personally identifying information was removed and the survey results were pseudonymised and aggregated into graphs.
The DPC said: "The DPC recommends that in the event that Aontú carries out further online surveys in the future that it avoid the requirement for participants to submit personal data so as to ensure full compliance with the principle of data minimisation in Article 5(1)(c) of the GDPR."
The DPC found that Fianna Fáil; Fine Gael, the Green Party and, Sinn Féin, had used marked copies of the electoral register and made recommendations on the subject.
It said that Fianna Fáil should update its privacy policy if using marked registers and that Fine Gael’s Privacy Policy "should include information concerning the processing of personal data that it undertakes in relation to the information contained on the Register of Electors and on the Marked Electoral Register".
CONNECT WITH US TODAY
Be the first to know the latest news and updates
