Over the last number of weeks, Sinn Féin has come under fire for its voter database, Abú. The party has argued that the database is merely the electoral register, which all parties have access to. However, it has responded to inquiries from the Data Protection Commissioner and admitted they were in breach of two data protection laws.
The General Data Protection Regulation (GDPR) is a privacy and security law drafted and passed by the EU on May 25, 2018.
It imposes obligations on organisations that collect data related to people in the EU. Those who violate its privacy and security standards can be fined tens of millions of euro.
Every time you visit a website, or search for or buy something, use social media, or send an email, your data is shared.
Sharing data helps make life more convenient but your data belongs to you, so it's important it's used only in ways you would reasonably expect, and that it's safe.
Websites can collect information on you through cookies and sell your data to third parties who may want to target you with adverts, for political or commercial purposes. However, under GDPR legislation, you must give your consent for them to do so.
The data contained on the Sinn Féin database is a version of the Electoral Register, which contains a person's name, address, polling station, and the type of votes they are allowed to participate in.
Other political parties have claimed, however, that Sinn Féin has made modifications to the register in order to track voting intentions and uses social media to gain further insight into voters. Sinn Féin says this is not the case.
Really, it all depends on how the data is used and how you feel about it. Your voting intentions or political affiliations may be something that you're comfortable being known by people, but it also may not. The issue of personal data is just that — personal — and many people feel uneasy or entirely uncomfortable with access to it being given to people for purposes beyond which it was originally intended.
Others may feel as if the electoral register is already publicly available, so adding other data to it isn't a big deal.
Unsecure websites risk transmitting sensitive data to those for whom is not intended or having that data stolen. Cookies — small files sent to your browser by sites you visit — can shape a lot about your online experience, from the ads you are targeted with, to the kind of content you are served. This should only happen with your consent, but many websites still don't have cookie consent popups.
You have a right to ask anyone who is in possession of data what files they have on you specifically and to know how it is being used. This is called a Subject Access Request under section 15 of the GDPR. This is generally free, and a template of the letter to send is available on the Data Protection Commission's website.