Is your data pro­tec­tion be­ing breached?

The Malta Independent on Sunday - - NEWS -

Re­becca Iversen The no­tion of clien­telism in Malta – be it by gov­ern­ment Min­istries or or­gan­i­sa­tions – has been rife and en­demic to the coun­try’s cul­ture for decades. How­ever, re­cent re­ports that have reached The Malta In­de­pen­dent on Sun­day say that mem­bers of the pub­lic have re­ceived calls from cer­tain gov­ern­ment min­istries in­quir­ing about their ‘gen­eral well-be­ing’.

One mem­ber of the pub­lic, a stu­dent, told this news­pa­per how last week he had re­ceived a call from Michael Far­ru­gia’s Min­istry of Home Af­fairs, ask­ing whether they could be of ser­vice, if he needed any help with any­thing or had any sug­ges­tions.

The stu­dent, who con­firmed that Far­ru­gia rep­re­sents his elec­toral dis­trict, asked the caller from where he had ob­tained his tele­phone num­ber. The re­sponse – af­ter some mum­bling from the woman on the phone – was that his num­ber had been re­trieved from the e-ID data­base.

Par­tit Demokratiku Deputy Leader Ti­mothy Alden re­cently raised con­cerns over such clien­telism with the Per­ma­nent Com­mis­sion against Cor­rup­tion, say­ing that he had also re­ceived a tele­phone call from the Min­istry of Home Af­fairs and had sub­mit­ted an of­fi­cial po­lice re­port on the mat­ter.

Speak­ing of the in­ci­dent that the stu­dent ex­pe­ri­enced, he also added that it had come to his at­ten­tion that even Data Pro­tec­tion laws may have been breached through the at­tain­ment of con­tact in­for­ma­tion.

En­vi­ron­ment Min­is­ter Hose Her­rera, in an in­ter­view with The Malta In­de­pen­dent on Sun­day, ad­mit­ted that, like ev­ery other Min­is­ter on the is­land, he had a cus­tomer care team. Emails re­vealed how for­mer Na­tion­al­ist min­is­ters, MPs, civil ser­vants, party can­di­dates and rep­re­sen­ta­tives of WasteServ, between 2009 and 2013 – un­der a Na­tion­al­ist ad­min­is­tra­tion, would of­fer jobs to spe­cific vot­ers. Her­rera stated that “it was hyp­o­crit­i­cal to crit­i­cise a gov­ern­ment be­cause it has a cus­tomer care struc­ture to cater for con­stituents when this has been the sys­tem for the past 100 years”, adding that a small pop­u­la­tion meant peo­ple ex­pected door-to-door treat­ment from politi­cians and that he would be a hyp­ocrite not to ad­mit that that was how the sys­tem worked.

“I’m used to the fact that the Min­istry would call peo­ple up for such a rea­son be­cause clien­telism reigns in Malta, but I was truly an­noyed when she ad­mit­ted that my tele­phone num­ber was ob­tained from the e-ID data­base,” the stu­dent com­plained to this news­pa­per.

“What has changed now is that mem­bers of the pub­lic are start­ing to ques­tion where this con­tact in­for­ma­tion is com­ing from,” he ob­served. It is not cer­tain if the e-ID data­base is be­ing used by Min­istries to con­tact mem­bers of the pub­lic for such ques­tions as this stu­dent expe- ri­enced, but if what he was told was cor­rect then this should raise more than a few eye­brows.”

In or­der to un­der­stand the sce­nario, let us as­sume that the woman rep­re­sent­ing a Min­istry speak­ing to a stu­dent made a mis­take. Let’s as­sume that the e-ID data­base was not used for con­tact­ing the stu­dent. Us­ing the case of the stu­dent who re­sides in Far­ru­gia’s dis­trict, in­for­ma­tion on him can le­git­i­mately be ob­tained from the Elec­toral Registry in which names, ad­dresses and ID num­bers can be ob­tained, but not tele­phone num­bers. How­ever, a name is suf­fi­cient for look­ing some­one up on, for ex­am­ple in the GO on­line directory or any other pub­lic directory. If this is the case, and a phone num­ber/mo­bile num­ber is avail­able from a pub­lic directory, then any­one that looks you up can call you. How­ever in this case, this stu­dent does not have any of his phone/mo­bile num­bers in any directory.

Ac­cord­ing to Sub­scriber Agree­ment for the e-ID ac­count, un­der the sec­tion of ‘Data Pro­tec­tion’, it clearly es­tab­lishes that the “Ser­vice Providers make use of such data for the pur­pose of pro­vid­ing the sub­scriber with the eSer­vice”. The full tran­script in the Agree­ment on Data pro­tec­tion for an e-ID ac­count is as fol­lows:

“Ac­cord­ing to the Sub­scriber Agree­ment for (a) the e-ID Ac­count and (b) the Cer­tifi­cates within the Na­tional Elec­tronic Iden­tity Card, un­der Data Pro­tec­tion this is spec­i­fied:

Data Pro­tec­tion: All per­sonal data shall be pro­cessed ac­cord­ing to the Data Pro­tec­tion Act, as well as any other ap­pli­ca­ble law or guide­lines pub­lished from time to time. The Regis­tra­tion Au­thor­ity shall trans­fer per­sonal data to:

(a) A Ser­vice Provider from whom the sub­scriber has re­quested an eSer­vice; and/or

(b) A Ser­vice Provider pro­vid­ing any one or more of the eSer­vices listed un­der “What Ser­vices are avail­able from the Ser­vice Providers” in the “Fre­quently Asked Ques­tions” sec­tion of the my­gov web­site.

The Sub­scriber hereby au­tho­rises such ser­vice providers to use such data for the pur­pose of pro­vid­ing the Sub­scriber with the eSer­vice. For all in­tents and pur­poses such Ser­vice Providers shall be con­sid­ered Data Con­trollers as de­fined in the Data Pro­tec­tion Act. The RA shall not trans­fer any per­sonal data to any other third party un­less with the Sub­scriber’s con­sent or in cases where the Regis­tra­tion Au­thor­ity is re­quired to dis­close such data by law. The Sub­scriber’s rights as a data sub­ject un­der the Data Pro­tec­tion Act shall ap­ply.”

For fur­ther clar­i­fi­ca­tion, the eSer­vices in­clude all the ser­vices pro­vided by the Gov­ern­ment on­line, with no men­tion of ‘cus­tomer care calls’ from gov­ern­ment en­ti­ties. There­fore such ‘cus­tomer care ques­tions’ by Min­istries do not ap­pear to fall un­der the um­brella of what the e-ID data is sup­posed to be used for.

Re­ports have also reached this news­pa­per of mem­bers of the pub­lic be­ing called up to at­tend last week’s Oc­cu­pyJus­tice and L-Aw­turi’s ‘Ac­tion for ‘Jus­tice and Truth’ protest in Val­letta. Ques­tions were raised as to from where these tele­phone num­bers were ac­tu­ally ob­tained, call­ing into ques­tion data pro­tec­tion and pri­vacy.

The ques­tion of a breach in data pro­tec­tion needs to be ad­dressed. It is clear that, ac­cord­ing to Ar­ti­cle 7 of the Data Pro­tec­tion Act, per­sonal data is only col­lected for spe­cific, ex­plic­itly stated and le­git­i­mate pur- poses. The Data Pro­tec­tion Act and – with ef­fect from 25 May, the Gen­eral Data Pro­tec­tion Reg­u­la­tion – ap­plies to all pro­cess­ing of per­sonal data, which there­fore also cov­ers the pro­cess­ing for e-id pur­poses. As a data sub­ject, we all have the right to ask what data is held about us, how it is be­ing used and for what pur­pose.

If a data sub­ject feels that his/her data pro­tec­tion rights might have been vi­o­lated, a com­plaint may be filed with the Of­fice of In­for­ma­tion and Data Pro­tec­tion Com­mis­sioner.

Have you ex­pe­ri­enced this too? Let The Malta In­de­pen­dent know if you have ex­pe­ri­enced sim­i­lar calls as the ones re­ported in this ar­ti­cle. ri­versen@in­de­pen­dent.com.mt

Newspapers in English

Newspapers from Malta

© PressReader. All rights reserved.