Unofficial sites that are processing personal information to secure visa renewal appointments for immigrants in Ireland have defended their use of personal data and say they are not violating GDPR (General Data Protection Regulations).
Numerous Facebook pages, websites and phone apps have appeared in recent years offering foreign nationals the chance to skip the queue in applying for an appointment with the Irish Naturalisation and Immigration Service for a price of up to €40.
These operators started appearing after an online visa-renewal system was introduced in September 2016. The sites block-book slots and sell them off at a profit to immigrants desperate to secure an appointment before their visa expires.
The Department of Justice initially responded to reports of block-booking by internet bot programmes by introducing software changes to the system. In December 2018, it confirmed that the current online system would be replaced this year.
Meanwhile, thousands of people are registering personal information, including passport details, dates of birth and phone numbers through sites that could leave their sensitive data at risk of being harvested and further disseminated without users’ permission. Those unwilling to go down the informal route continue to face long delays.
Asked to comment on the use of personal information by these sites, the office of the Data Protection Commission warned that organisations processing personal data must ensure they collect only "the minimum amount of personal data necessary to conduct their business", that the data kept is accurate and that an "appropriate retention period" is in place to ensure the information is not kept any longer than is necessary.
“Organisations that process personal data have certain obligations under the GDPR which requires them to be accountable and transparent with service users,” said a commission spokeswoman.
Operators behind the informal visa booking systems claim all information is deleted as soon as a slot is secured and say the process does not breach GDPR. However, they refused to provide a breakdown on how the booking process works.
Renan Danton’s GNIBot Facebook page, which he set up in 2017 after he struggled himself to secure an appointment, has more than 7,650 followers. The Facebook page links to gnibot.com, where users are asked to fill out a form with personal details. Mr Danton maintains he is not violating GDPR rules as “all consumer information is deleted after the appointment is made or when the consumer cancels the service”, while the appointment email is sent directly to the customer’s inbox.
Asked to explain how he block-books through the official system, Danton, who charges €15 per appointment, refused to reveal his method.
“If I say that to you I’ll have 100 competitors tomorrow. My business is handmade appointments for people who register on my website. Basically they’re paying for our time to stay in front of the computer to make the appointment for them.”
Ravi, the administrator of the Gnib and Visa Appointment Facebook page, also argues that the personal information he processes is safe.
“We do not store anyone’s information; it’s deleted accordingly,” he told The Irish Times through Facebook messenger. “There’s no chance of infiltrating any information – [it’s] properly encrypted and protected.”
The Gnib and Visa appointment page has nearly 2,800 followers and charges €30-€40 to secure appointments. A post at the top of the page notes that the services offered “is not an official service”.
A spokesman for the Department of Justice said it was aware of the long delays in the appointment system but urged foreign nationals not to provide sensitive personal data “to unregulated agents”.
“We ask that customers bear with us and we continue to encourage all customers to make their appointments using the INIS online appointment system,” he said, adding that efforts were being made to resolve the delays.
Asked when the new system was expected to launch, he said the tender process was ongoing.