This is a thread with some reactions to reading the DPC decision on Limerick's CCTV systems. A few points:
- the decision is comprehensive and methodical;
- it should be required reading for legislators and large data controllers (particularly State bodies);
- it is damning.
There is an element of everything-that-could-go-wrong-going-wrong and, in fact, what it reveals is much worse than what I had feared or suspected. As Fergal says:
It is astounding that some of these issues were ongoing at the time they were under inspection, not least due to the high-profile nature of the introduction of the GDPR and, to some extent, the fact that some (!) local residents drew attention to the issues.
I say it should be required reading for legislators (due to commentary on legal bases and consideration of some specific legislative provisions) and DCs, esp DPOs, for consideration of legitimate processing, DPIAs, transparency, proportionality etc.
The headline is the €110,000 fine but specialists will be interested in the breakdown - for example, €35,000 of that was a specific fine for rejecting SARs. This should be a warning to some.
The Deputy DPC responsible for leading the investigation described the decision this morning as making for "disturbing reading".
He highlights that it was not the first report on LAs but that it stood out for the extent of the activity.
He makes similar points to those I made earlier on the same radio show: failures in governance; the law is there to allow CCTV, "but Limerick City and County Council have broken the law."
It's worth listening to the interview with Deputy DPC Tony Delaney for a sense of the regulator's attitude to Limerick City & County Council. Remarkably forthright in criticism of the Council and the elements that "disturbed" the DPC.
One of the issues I raised repeatedly was the use of Garda authorisations for community CCTV (the legislation being very limited). Reading the DPC decision this was a clear issue.
The DPC found that Garda authorisations were a good legal basis for 44 cameras (LCC operates 401 cameras!).
The Council relied on local Government legislation to justify cameras in housing estates, but the DPC found that the law does not "empower the Council to carry out surveillance in public places".
"We aren’t saying that consent has no place in this ecosystem. But it shouldn’t be the only way we let people make decisions about data protection."
Exactly! That's why GDPR has 6 legal bases for processing, one of which is consent. And consent is often not an appropriate basis.
Choose legal basis that reflects the relationship and processing, consent is often not appropriate and if consent is difficult it's probably because a different legal basis is the right one - @ICOnews
Finally read full article; situation with GMI worse than I thought.
GMI is engaged in highly sensitive data collection: harvesting genetic material on a population-wide scale. Its approach to doing so & lack of clarity/appropriate behaviour on foundational issues v. worrying.
Aside from hoovering up genetic material from Irish hospitals, GMI operates a high street presence, gathering up further genetic material in "exchange" for gimmicky health/fitness "metrics".
Remember GMI is a private company, not a State research org.
In November 2018 the Data Protection Commission helpfully obliged the Government by saying that community CCTV has a legal basis (required by GDPR) in section 38 of the Garda Síochána Act (once authorised). That statement now, predictably, relied on.
"Once the local authority in the administrative area concerned is willing to take on and deliver on its responsibilities as a data controller for the schemes concerned, there is no legal impediment under data protection legislation to the scheme commencing.”
However, section 38(2) says:
"The Garda Commissioner shall specify the areas within which, based on the information available to him or her, the installation and operation of CCTV is warranted for the purpose specified in subsection (1)."
Kári Stefánsson was a director of GMI until last September. GMI has numerous overlaps with DeCODE Genetics, the company he founded in Iceland. He thinks medical privacy is not just overrated, but "morally unacceptable".
"I think it is completely unacceptable that you could demand service from the health care system at the same time as you refuse to have your information used to make discoveries."
Wow.
He does talk about data security in that Q&A, and elsewhere talks about the importance of protecting the data. But that is hard to square with the attitudes quoted above.
In October 2018 GMI reps met with DoH to discuss the Health Research Regulations. Look at the first sentence here, from this DoH memo of the meeting.
Here’s the footnoted aside.
This is why GMI is important and needs to be tackled.
Health researchers and doctors with them are well funded and connected and make dramatic claims both about what they will achieve and what will be prevented by regulation.