This is the start of what may be a long-winded investigation.
The Independent Group have only been in existence for a week yet they managed to create years worth of Buzzwords, party lines and propaganda. Whether it’s sabotaging Jeremy Corbyns career or destroying Brexit, they are not shy about making a lot of noise about their future political aspirations.
What TiG (The Independent Group) have not been so forthcoming about has been the reports of ‘data theft’ from the Labour party, who’s ex-labour members had full access to the Parties canvasing systems, leading to the Labour party putting the system offline to prevent further access.
A spokesperson from Labour Said “The UK’s Labour Party has been forced to lock down access to membership databases and campaign tools over concerns the info was being sucked up by breakaway MPs, in a possible breach of data protection laws” . This was followed by Labour Party secretary Jennie Formby commenting that Labour had “become aware of a number of attempts to access personal data” on its systems by “individuals who are not, or are no longer, authorised to do so”.
(Original report of the Incident)
My name is Stevie, and I am a person, a tenacious creator of media, a former Labour party member but more importantly, a member of the public, and with that in mind, the thought of a secretive group with aspirations of being a political power having my personal data, without my consent worries me.
GRPR legislation is very direct about how entities, companies, sole traders or political parties obtain, manage and process all of our personal data, these are rules which many if not all of us have to follow and abide by, with the threat of sacking of legal implications looming over those who ignore them.
Taken from the ICO (Information Commission), here are the basics of GDPR.
- The GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose Limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
- These principles should lie at the heart of your approach to processing personal data.
GDPR was created and rolled out to protect the public and business from Data theft and misuse of personal data. In the last few years, we have seen first hand what the misuse of personal data can do thanks to Cambridge Analytica and their ability to scrape information about people from Facebook before literally managing to use this to manipulate people into making ill-informed political choices, like Trump or Brexit!
With all this GRPR knowledge in mind, let’s go back to TIG and the headline of this article, has TiG breached Data protection rules, in short, yes, very much yes, in its most basic terms.
After reading the stories of ex-Labour MP’s potentially obtaining voter data from the Labour parties canvasing system I won’t lie, I got a bit scared. What did they know about me? what did the Tories know about me? … Who knows what about me??! I had to find out!
I began to investigate ALL political parties to find who controls their Data and how to make a Request. It turns out, that in most cases it was extremely easy to find out how to obtain any personal data they may hold, which is how GDPR is meant to work. Then I got to the TiG’s website, it turns out they have NO DATA OFFICER and no way to contact the group about how they obtain and manage personal data. When I found they had no Data officer and no GDPR contact information I did the only thing I could as a member of the public, and contacted ICO for more information and advice.
ICO was more than helpful (as always!) and very quickly it was confirmed that TiG was most definitely in breach of GDPR guidelines as they have given the public no way to find out what data TiG may hold about them and no way for anyone to request copies of data they may hold, which directly goes against the ICO principles of being ‘Lawfull, fair and transparency’.
After a lengthy phone call, the agent at ICO gave me some great advice… Did you know that you can make official GDPR ‘Subject Data Requests’ via Twitter? Well, according to ICO, due to the lack of transparency and Data officer contact information, and as long as it is done correctly (use a template), a request for Data via Twitter is acceptable and would be classed as an official ‘in writing’.
So that’s what I have done, and where this story ends for now. On advice from ICO, I have created an epic Twitter thread which contains 13 separate GDPR Subject Data requests, one to the group directly and one to every member of the TiG. This request had to be done as we have no idea who is in charge of TiG, we have no idea who their Data Officer is and due to the current worrying reports of ‘Data Theft’, I want to know what they, and every other political party knows!
You can follow the GDPR request thread below!
The Independent Group has no(GDPR) Data Officer and has no contact for this.
Find attached my OFFICIAL GDPR SUBJECT DATA REQUESTS for data held by TiG and its members. pic.twitter.com/6WMVXeGj9q
— Stevie #ABZ (@StevieCABZ) February 25, 2019
(More to come)