THAT local conservative party questionnaire: data protection experts really don’t like it!

Another correspondent has added more information on that (now looking rather dodgy) questionnare being circulated by our local Conservative party. Perhaps time for a rethink on it Tories?

Owl is no expert on this but it seems a couple of experts agree! But then again Tories (ie Michael Gove) don’t like experts!

“As someone with 25+ years experience in IT and with specific knowledge of data protection, I would say that your correspondent is spot on with their analysis except for the following respects…

When you are collecting the data you need to provide a Privacy Policy which states explicitly which of the 6 legal bases you are relying on to legally store and process the data, and if you are relying on the Legitimate Interests basis, then you have to state explicitly what the legitimate interests are.

Whatever legal basis you are using, you need to be explicit about the purposes for collecting the data and the uses to which you are putting it. Future use of the data must be limited to the specific purposes you have declared when collecting the data.

If you are not relying on any of the 5 legal bases which do NOT require explicit consent, then you need to collect and retain proof of explicit consent having been given for the SPECIFIC uses you will put the data to.

It seems to me to be impossible for the Conservative Party to use 4 of the 6 legal bases: Contract (no contract being formed), Legal obligation (i.e. required by law), Vital interests (life saving) or Public Task (i.e. by a legally official role for a legally official purpose – example would be for processing Council Tax).

“Legitimate Interests” generally would be those interests clearly implied by e.g. the survey i.e. to statistically analyse the survey. However, collection of personally identifiable information does not seem to be necessary for the statistical analysis of the information, so that would not seem to be a Legitimate Interests for storing that. In any case, GDPR clearly states that if you are relying on Legitimate Interest then you have to state clearly in the Privacy Information accompanying the data collection exactly what your Legitimate Interest is.

Finally, political data (which this rather obviously is) is considered to be “Special Category” data, and this requires a far stricter interpretation of legal basis as defined in Section 9(2) of GDPR which has much tighter requirements for implied consent, and stricter requirements on gaining explicit consent.

My personal opinion, therefore, is that the collection of this personal data is illegal under GDPR for several reasons, and the Conservative Party should immediately be reported to the Information Commissioner for illegal processing of data.

P.S. “Special Category” data is also likely to require especially attention to security to avoid the risks of it being stolen or inadvertently shared (or indeed accessed by even authorised people for uses beyond that for which it was collected), both during the initial collection of the data and in the subsequent storage and processing.

Indeed GDPR requires the Data Controller to have explicitly considered the security requirements for the data, and to be able to demonstrate this regardless of whether any data was lost or inadvertently processed.

It is possible that Conservative Central Office provides specially constructed IT infrastructure to allow the secure collection and processing of personally identifiable political data, but if not, then I would suspect that the local Conservative Association is very unlikely to have either the knowledge / skills / money to create such a secure environment, in which case they would be guilty of a further GDPR offence.”

Has the Grenadier contract been signed or is Councillor Stott confused?

According to Cllr Stott who has now stopped any more comments being made on her post on the Exmouth Community page the Grenadier EDDC agreement has already been signed although she appeared to correct herself as the post went on:

Pauline Stott to Deborah Russell
Yes was signed this week

Deborah Russell to Pauline Stott
This is interesting to know because according to Devon Live an agreement has not yet been signed. Please advise where you have your information from?

Pauline Stott
We were told at the Cabinet meeting that it would be sign (sic) this week

Deborah Russell to Pauline Stott
Great news when do we get to see a copy of it?

Pauline Stott Of what?

Deborah Russell to Cllr Pauline Stott
the agreement.

Pauline Stott
What for do you ask (sic) to see all agreements the Council make

Deborah Russell
So that in an open and transparent democracy everyone is privy to how and why this community asset was gifted.

Pauline Stott You can ask the Council under freedom of information

Deborah Russell Pauline Stott Will do and thank you.

Information Commissioner wants Freedom of Information Act extended to outsourced companies

“The Information Commissioner has called for the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR) to be updated to include organisations providing a public function.

In a report to Parliament, ‘Outsourcing Oversight? The case for reforming access to information law’, Elizabeth Denham said: “In the modern age, public services are delivered in many ways by many organisations. Yet not all of these organisations are subject to access to information laws.

“Maintaining accountable and transparent services is a challenge because the current regime does not always extend beyond public authorities and, when it does, it is complicated. The laws are no longer fit for purpose.”

She added: “Urgent action is required because progress has been too slow. It is now time to act. This report sets out solutions that can extend the law to make it fit for the modern age.”

Denham said the main aim her report was to make an evidence-based case to extend the reach of FOIA and the EIR “to enable greater transparency and accountability in modern public services, which in turn improves services”.
The Commissioner said in the report that she would welcome a Parliamentary Inquiry via a select committee into the issues raised. The ICO has submitted the report to the Public Accounts Committee (PAC) and PACAC for their consideration. …”

http://www.localgovernmentlawyer.co.uk/index.php

“£40k spent hiding how rarely northern powerhouse minister visited north”

“The government has spent two years and £40,000 of taxpayers’ money trying to hide how little the northern powerhouse minister visited the north of England in his role, in what one prominent northern figure called “a blatant disregard for the principles of democratic accountability”. …

The Information Commissioner’s Office then undertook an investigation, during the course of which it found that the department adopted “what appears to have been a strategy of wilful procrastination in order to obstruct a request for information”.

The DCLG appealed against the decision to the first-tier tribunal of information rights, where in early 2018 Judge Hazel Oliver ruled that the department must hand over Wharton’s diary.

From start to finish, the process took 26 months. …

Hidden in 111 pages of internal DCLG emails relating to the FoI request is a document headlined “Official – Sensitive” dating from March 2016 which includes official advice stating “there is a strong likelihood of a decision to withhold the requested information … being overturned”.

Legal experts are unimpressed. “It sounds like a classic: they knew they were likely to lose and still wasted time and money on it, and come out looking even worse,” said Paul Bernal, senior lecturer in law at the University of East Anglia.

Manchester-based data protection consultant Tim Turner said: “Departments have shown time and again that they’re very secretive about who ministers meet and what they do, and spending £40,000 to hide it doesn’t seem close to the spirit of open government.”

The information that the government tried to suppress for two years shows that Wharton rarely left London as part of his role as the north’s representative in government.

Of the 693 lines of entries in Wharton’s ministerial diary, just under half contain identifiable addresses or office rooms in the “Location” column. Ninety percent of them are based in London. …”

https://www.theguardian.com/politics/2018/sep/27/government-hid-details-of-northern-powerhouse-minister-james-wharton-visits-to-the-north

“Jobcentre Staff Told By DWP Not To Record Number Of People They Send To Foodbanks”

“Jobcentre staff are told not to keep a record of the number of people they direct to foodbanks, despite appearing to send thousands of people to charities providing food parcels to hard-pressed families.

A directive, issued by the Department of Work and Pensions (DWP), tells staff they must not use the term “referral” or “voucher”, and should not keep any record of the number of people they “signpost” to foodbanks.

Critics have urged the Government to halt the practice as ministers have used the lack of records to dodge questions about the impact of welfare reforms.

The revelation also indicates how charities are being relied upon to support the benefits system, but not to what extent. One major food bank charity says it hands out nearly 60,000 food parcels every year as a result of “signposting”.

The Whitehall department’s so-called ‘Operational Instructions’ were obtained following a Freedom of Information request in February which asked for details on what staff are told to do if people ask for food aid.

The instructions state that instead of offering referrals or vouchers to claimants, Jobcentre staff must only offer “signposting slips”.”

In bold letters, the instructions say: “The signposting slip must not be referred to as a Foodbank Voucher.”

The only time Jobcentre staff are allowed to keep track is if the foodbank makes a request, the instructions reveal. …”

https://www.huffingtonpost.co.uk/entry/foodbanks-records-jobcentre-dwp_uk_5b61c1bde4b0b15aba9ebcc9

“Consult on extending FOI to private sector providers of public services: watchdog”

Owl says: can’t come a moment too soon for EDDC, Ccou table/Integrated Care System companies and our Local Enterprise Partnership!

“The Committee for Standards in Public Life has called for a consultation on whether the Freedom of Information Act should apply to private sector providers where information relates to the performance of a public service contract.

In its latest report, The Continuing Importance of Ethical Standards for Public Service Providers, the CSPL said there had been little real progress on measures to enforce ethical standards in outsourced public services.
It urged the government, service providers and professionals to do more to encourage robust cultures of ethical behaviour in public service delivery.
Lord Bew, Chair of the Committee on Standards in Public Life, said: “From waste disposal to health care and probation services, all kinds of public services are routinely supplied to many of us by private or voluntary sector organisations, paid for with public funds – accounting for almost one third of government spending in 2017.

“The public is clear that they expect common ethical standards – whoever is delivering the service – and that when things go wrong there is transparency and accountability about what has happened.”

Lord Bew said that, “disappointingly”, very little progress had been made on implementing the recommendations in the CSPL’s 2014 report, Ethical standards for providers of public services. He added that evidence showed that most service providers needed to do more to demonstrate best practice in ethical standards.

“In particular, we remain concerned over the lack of internal governance and leadership on ethical standards in those departments with significant public service contracts. Departmental and management boards spend little, if any, time considering ethical considerations and tend to delegate such issues ‘down the line’. Those involved in commissioning and auditing contracts remain too focused on the quantitative rather than the qualitative aspects of their role. And departments lack clear lines of accountability when contracts fail,” the CSPL’s chair said.

He added: “While many service providers have developed a greater awareness of their ethical obligations in recent years, partly due to the high-profile failure of some organisations to adhere to these standards, some remain dismissive of the Nolan Principles or adopt a ‘pick and mix’ approach, which is not in the public interest. And many service providers continue to expect that setting and enforcing ethical standards remain a matter for government alone.”

Lord Bew said the committee remained of the view that more must be done to encourage strong and robust cultures of ethical behaviour in those delivering public services. “To that end, the Committee reaffirms the recommendations made in its 2014 report and has made a further set of more detailed, follow-up recommendations to address particular issues of concern.”

http://localgovernmentlawyer.co.uk/index.php?option=com_content&view=article&id=35218%3Aconsult-on-extending-foi-to-private-sector-providers-of-public-services-watchdog&catid=59&Itemid=27