Political parties and GDPR

[Donny osmond]

A minor stooshie has blown up in Scotland that raises one particular question, I wonder if the combined intellect of RR could answer?

A member of public is claiming to feel threatened after a politician told her she was on some sort of database or list as someone who is aggressive to canvassers from that particular party.

I can understand that parties would keep such lists, but I was under the impression that any organisation that holds data on members of the public has certain legal obligations? Aren't we supposed to know, and give our consent to, what data they hold, why they hold it and how long they will hold it for? How can political parties hold data on us without our knowledge or consent?

Sent from my CPH1951 using Tapatalk

[Puja]

A minor stooshie has blown up in Scotland that raises one particular question, I wonder if the combined intellect of RR could answer?

A member of public is claiming to feel threatened after a politician told her she was on some sort of database or list as someone who is aggressive to canvassers from that particular party.

I can understand that parties would keep such lists, but I was under the impression that any organisation that holds data on members of the public has certain legal obligations? Aren't we supposed to know, and give our consent to, what data they hold, why they hold it and how long they will hold it for? How can political parties hold data on us without our knowledge or consent?

Sent from my CPH1951 using Tapatalk

Speaking as someone who works in Financial Services, you're really not wrong. Data can only be held with the permission of the person involved and only for the purposes originally declared. If she has said, "I don't want you sending any more people to my home," then that's sort of implied consent (although the law does say it should be an active choice, not assumed), but if she just enjoys arguing vituperatively with them and they've taken it upon themselves to put her details down, it could be problematic.

Mind, it does depend how they've done it - if they've just takne her address off their list of "houses to tap up", that's fine, whereas if they've got her name and address on a list, that's a problem.

Puja

[Donny osmond]

A minor stooshie has blown up in Scotland that raises one particular question, I wonder if the combined intellect of RR could answer?

A member of public is claiming to feel threatened after a politician told her she was on some sort of database or list as someone who is aggressive to canvassers from that particular party.

I can understand that parties would keep such lists, but I was under the impression that any organisation that holds data on members of the public has certain legal obligations? Aren't we supposed to know, and give our consent to, what data they hold, why they hold it and how long they will hold it for? How can political parties hold data on us without our knowledge or consent?

Sent from my CPH1951 using Tapatalk

Speaking as someone who works in Financial Services, you're really not wrong. Data can only be held with the permission of the person involved and only for the purposes originally declared. If she has said, "I don't want you sending any more people to my home," then that's sort of implied consent (although the law does say it should be an active choice, not assumed), but if she just enjoys arguing vituperatively with them and they've taken it upon themselves to put her details down, it could be problematic.

Mind, it does depend how they've done it - if they've just takne her address off their list of "houses to tap up", that's fine, whereas if they've got her name and address on a list, that's a problem.

Puja

I thought as much. From the video she's secretly taken, the local MSP is talking to her while she's in her car telling her she's on a list as someone known to them, so it suggests he knows her name is on a list, which seemed a little dodgy to me.



Sent from my CPH1951 using Tapatalk

[Sandydragon]

Data can be held without consent, but there have to be clear reasons for doing so. If you cannot show definitively that you can apply one of the acts legal requirements to hold information, ie a contract or legislative requirement, then you are required to obtain consent.

A database of people who have pissed you off is unlikely to fall into any of those categories and it would be interesting if the person sent a data subject access request to establish what information is held. The ICO seems to be enjoying itself at the moment so I’m sure they would be interested.

Presumably the list has been maintained as a result of communication sent by individuals, so I’d be interested to see if there is a privacy notice covering those interactions.

[Puja]

Data can be held without consent, but there have to be clear reasons for doing so. If you cannot show definitively that you can apply one of the acts legal requirements to hold information, ie a contract or legislative requirement, then you are required to obtain consent.

A database of people who have pissed you off is unlikely to fall into any of those categories and it would be interesting if the person sent a data subject access request to establish what information is held. The ICO seems to be enjoying itself at the moment so I’m sure they would be interested.

Presumably the list has been maintained as a result of communication sent by individuals, so I’d be interested to see if there is a privacy notice covering those interactions.

Truer words never spoken. Deservedly so, as there are a lot of people who have previously been taking the piss, but you do get the feeling that they're taking a perverse glee in slapping people who aren't taking them seriously.

Puja

[Sandydragon]

Are they ever and I’m all for it. Some companies took the piss because to be fair, £500K was chicken feed to big companies. 20mil Euro or 4% of turnover is a totally different proposition.

Hopefully the Brexiteers don’t scrap it; it’s giving some power back to the individual over how their data is used.