Rossa McMahon
Solicitor / Notary Public | @pgmsolicitors
Jan 13, 2022 8 tweets 2 min read
This is a thread with some reactions to reading the DPC decision on Limerick's CCTV systems. A few points:

- the decision is comprehensive and methodical;
- it should be required reading for legislators and large data controllers (particularly State bodies);
- it is damning. There is an element of everything-that-could-go-wrong-going-wrong and, in fact, what it reveals is much worse than what I had feared or suspected. As Fergal says:
Jan 13, 2022 23 tweets 6 min read
One of the issues I raised repeatedly was the use of Garda authorisations for community CCTV (the legislation being very limited). Reading the DPC decision this was a clear issue. DPC found that Garda authorisations were a good legal basis for 44 (LCC operates 401 cameras!).
Aug 31, 2019 5 tweets 3 min read
Yes @Slate, consent is not an "ethical rubber stamp".

But no, #gdpr does not "require companies to ask for consent prior to data collection processes".

Consent as legal basis seems to be one of the most persistently misunderstood elements of GDPR.

slate.com/technology/201… "We aren’t saying that consent has no place in this ecosystem. But it shouldn’t be the only way we let people make decisions about data protection."

Exactly! That's why GDPR has 6 legal bases for processing, one of which is consent. And consent is often not an appropriate basis.
Jun 30, 2019 11 tweets 4 min read
Finally read full article; situation with GMI worse than I thought.

GMI is engaged in highly sensitive data collection: harvesting genetic material on a population-wide scale. Its approach to doing so & lack of clarity/appropriate behaviour on foundational issues v. worrying. The attitude of the company is an even greater red flag.

I cannot understand why @roinnslainte (@SimonHarrisTD) & @NTMA_IE (@Paschald) have not long since paused the Government's $70m investment in GMI, why @DPCIreland has not stepped in with an urgent investigation.
Jun 20, 2019 5 tweets 2 min read
In November 2018 the Data Protection Commission helpfully obliged the Government by saying that community CCTV has a legal basis (required by GDPR) in section 38 of the Garda Síochána Act (once authorised). That statement now, predictably, relied on.

kildarestreet.com/wrans/?id=2019… "Once the local authority in the administrative area concerned is willing to take on and deliver on its responsibilities as a data controller for the schemes concerned, there is no legal impediment under data protection legislation to the scheme commencing.”
Apr 14, 2019 9 tweets 2 min read
Kári Stefánsson was a director of GMI until last September. GMI has numerous overlaps with DeCODE Genetics, the company he founded in Iceland. He thinks medical privacy is not just overrated, but "morally unacceptable".

spectrum.ieee.org/biomedical/eth… "I think it is completely unacceptable that you could demand service from the health care system at the same time as you refuse to have your information used to make discoveries."

Wow.
Apr 14, 2019 5 tweets 1 min read
In October 2018 GMI reps met with DoH to discuss the Health Research Regulations. Look at the first sentence here, from this DoH memo of the meeting. Here’s the footnoted aside.
Jun 26, 2018 18 tweets 4 min read
I am trying to read the Data Sharing Bill. #dsbill

Why. Why is it like this?

"Base registry". "Base registry owner." It is not just the Data Sharing Bill, but the Data Sharing And Governance Bill.

The Governance part, one might have thought, is covered by the GDPR & DPAs. But no, it creates a shadow system.
Jun 25, 2018 14 tweets 5 min read
The State continues to be, imo, entirely disingenuous about the #psc rollout and is still pushing it through without proper legal basis or authority so that it reaches critical mass.

One thing is clear: they are avoiding any binding decisions on the PSC. #thread

📷: @DRIalerts

You might recall that, since @RSAIreland backtracked on requiring #PSC for driving licences, passports are effectively the last non-social welfare holdout on mandatory/compulsory use.

This type of requirement is what takes it from mere "token" to de facto ID card.
Mar 5, 2018 7 tweets 3 min read
I’ve been quoted saying Limerick’s #cctv scheme uses tech akin to regimes like China. I don’t make comparison lightly - seems alarmist but is literally true.

Via @FredPLogue I see alarming prospect that deep learning & AI envisaged. This slide from a @LimerickCouncil update. Remember: this deep learning and AI would be overlaid on a network of cameras that count footfall, keep a record of the reg of every car passing (24hrs/day), can recognise faces and patterns.