Jennifer Bray: What's the story with Sinn Féin's voter database?
Party says its Abú canvassing system is the electoral register with additional markings
Sinn Féin Leader Mary Lou McDonald. Photograph: Gareth Chaney/Collins
Sinn Féin has denied it is falling foul of data laws by maintaining a sophisticated database which records a person’s level of support for the party and when they last voted.
The party has maintained its Abú canvassing system is merely the electoral register, which is made available to political parties and elected representatives for electoral purposes as a part of the democratic process.
The difference between the electoral register and the Abú system is the fact it contains additional markings on a voter’s political leanings.
Anyone with access to the system – and the party has not answered questions around who exactly can log in to the portal – can record whether there is “hard support” from a person, “soft support”, “strong opposition”, whether it is “unknown” or whether they were not in during a canvass.
Solicitor Simon McGarr, a director of Data Compliance Europe, has pointed out that Article 9 of the GDPR creates a general prohibition on processing data on people’s political opinions.
He says that while the national law – the Data Protection Act of 2018 – allows for the processing of personal data revealing political opinions where it is done in the course of electoral activities, this goes much further than what GDPR allows for.
In that instance, such processing of information is allowed only when “the operation of the democratic system in a member state requires that political parties compile personal data on people’s political opinions.”
“The political system has, until now, taken a taken an identity approach: if you are a party or electoral candidate, it was suggested that you are exempt in all your political data processing. But, in fact, the GDPR only allows for a limited and purpose-based exemption,” he said.
This is likely to be one of a range of issues that the Data Protection Commissioner will want to address in correspondence with Sinn Féin.
One of the first questions that will likely be asked will be the legal basis that the party is relying on to operate the system. It is understood the office is also particularly interested in the issue of user consent and knowledge.
Last week, the Sunday Independent reported that party officials are being told to use personal information posted on social media to identify voters’ home addresses.
‘Facebook is king’
Members are told “Facebook is king” and members should elicit more information from users so they can “tag them as social media engaged and follow up with a canvass on their doorstep”, according to an internal document.
This is another area the Data Protection Commissioner will explore in these preliminary talks with Sinn Féin, with questions likely around how it uses the data and if users are aware how their public data is being processed. A decision on whether a further investigation is needed could come as early as next week.
The Irish Times also asked Sinn Féin where exactly in the EU the database is hosted but the party declined to answer.
“All data is stored on servers based in the EU and handled in accordance with GDPR. We have received correspondence from the Office of the Data Protection Commissioner in relation to this and we look forward to engaging with them,” a spokesman said.
Liz Carolan, an executive director with Digital Action, said the lack of clarity around the issue shows the need for an electoral commission.
“This type of campaign technology is in widespread use in lots of parts of the world, and it was only a matter of time before it became a part of politics in Ireland. The issue here is that we haven’t planned for it, established if and how we want it to be used, and set up consistent rules for transparency and for what can and can’t be done,” she said.
Campaign tech could help with voter engagement and mobilisation, but there was far greater potential for misuse than in traditional campaigning, she noted.
“It is also often not transparent by default, like door-knocking or posters are, and parties naturally enough won’t want to give away their trade secrets in an election unless they are compelled to. As it stands, expenditure and activity outside of Ireland doesn’t fall under electoral rules, which isn’t practical in a digital age,” Ms Carolan added.