Working Title

Today, I wrote to Labour List and proposed to write an article for them.

I’ll take help on the title but currently working with “Privacy Law, canvassing and registered supporters”

Next year, 28th May, the EU’s General Data Protection Regulation comes into force. Among other things it will prohibit the storage and processing of canvass returns without freely given, informed and explicit consent. We will have to prove that consent has been obtained and be able to tell electors everything we know about them.

The simplest answer to these new compliance requirements is to extend the registered supporter arrangement, make it an ongoing contract so that the agreement can include privacy clauses. The ambition would be to extend the scheme to high proportions of our voter base. For this purpose, the fee would need to be low, nearer £3 than £25.

ooOOOoo

I should add that without some form of reform, the retention of the Registered Supporters data in the membership system is in my mind questionably legal, as it breaks the storage limitation principle. When compliance ruled that Registered Supporters could not be invited to member’s meetings, they made the sole purpose of holding the data the leadership election. This purpose was confirmed when the NEC required re-registration of the registered supporters at £25 in 2016; the consequence of such a decision to my mind negated the purpose of the original registrations.

Working Title

One long year

I am documenting my CPD’s and reviewing the contents of my LinkedIn blog and came across this, “The GDPR will become British law”, published last year where I predicted that the GDPR would be grandfathered into British Law via the proposed “Great Repeal Bill”.

What a difference a year and a general election makes.

I did not predict that since the GDPR has member state derogations and that the Government would bring a Data Protection Bill to Parliament. The fact they’ve lost their majority and are now frightened of loosing votes in Parliament is another motivation for sticking a big complex bill into the time table; iit burns time and one would hope that it can be uncontroversial so there’s no chance of loosing a vote, and even if they do, who cares, apart from people like me.

This could of course be a complete waste of time as it’s the courts which will decide what the law means and if we should leave then the issues raised here … will apply.

One long year

On the GDPR

The week before last, I attended the BCS legal day and have finally published my notes on what is now my essay blog. The priority was the coming General Data Protection Regulation. I prefer to write in a style recognising those who have informed me or changed my mind but the notes have been anonymised as I believe that the day was held under Chatham House rules,  The running order has been changed to make the story better and to conform to my preferred priority order, of principles, rights, obligations and enforcement.  The day consisted of two presentations, entitled “Key Issues”, “the Data Protection Officer” and one on trends in enforcement.

On the GDPR

Pragmatism

Are the ICO waking up, this seems a bit rough, … as it fines Flybe and Honda. There are two stories here, two large firms wanted to confirm that they had consents and so wrote to their list to ask if the consents remain in place …. they have been fined; the ICO considered this to be an un-consented bulk email. I wonder if it’s possible to perform this check legally.

Pragmatism

Restrictions

Just looking at my notes from the BCS Legal Day and while some are still hanging on for Brexit saving them from the GDPR, which it won’t, it becomes necessary to understand the wiggle room left by the GDPR.

Firstly, there is the competency limitations of Union itself, it cannot legislate for national & public security nor for the criminal justice system, these exclusions are stated in Article 23 Restrictions and also include (or exclude if that’s how you see it), the management of professions and the pursuit of civil justice. The Restrictions clause does however require the member state to act proportionately and respect the Charter of Fundamental Rights. In addition, there is room for national, member state, variances on the protection of employee data and the definition of public sector, impacting the need for a DPO.

Restrictions