DPC found that Garda authorisations were a good legal basis for 44 (LCC operates 401 cameras!).
Aug 31, 2019 • 5 tweets • 3 min read
Yes @Slate, consent is not an "ethical rubber stamp".
But no, #gdpr does not "require companies to ask for consent prior to data collection processes".
Consent as legal basis seems to be one of the most persistently misunderstood elements of GDPR.
"We aren’t saying that consent has no place in this ecosystem. But it shouldn’t be the only way we let people make decisions about data protection."
Exactly! That's why GDPR has 6 legal bases for processing, one of which is consent. And consent is often not an appropriate basis.
Jun 30, 2019 • 11 tweets • 4 min read
Finally read full article; situation with GMI worse than I thought.
GMI is engaged in highly sensitive data collection: harvesting genetic material on a population-wide scale. Its approach to doing so & lack of clarity/appropriate behaviour on foundational issues v. worrying.
In November 2018 the Data Protection Commission helpfully obliged the Government by saying that community CCTV has a legal basis (required by GDPR) in section 38 of the Garda Síochána Act (once authorised). That statement now, predictably, relied on.
"Once the local authority in the administrative area concerned is willing to take on and deliver on its responsibilities as a data controller for the schemes concerned, there is no legal impediment under data protection legislation to the scheme commencing.”
Apr 14, 2019 • 9 tweets • 2 min read
Kári Stefánsson was a director of GMI until last September. GMI has numerous overlaps with DeCODE Genetics, the company he founded in Iceland. He thinks medical privacy is not just overrated, but "morally unacceptable".
"I think it is completely unacceptable that you could demand service from the health care system at the same time as you refuse to have your information used to make discoveries."
Apr 14, 2019 • 5 tweets • 1 min read
In October 2018 GMI reps met with DoH to discuss the Health Research Regulations. Look at the first sentence here, from this DoH memo of the meeting.
Here’s the footnoted aside.
Jun 26, 2018 • 18 tweets • 4 min read
I am trying to read the Data Sharing Bill. #dsbill
Why. Why is it like this?
"Base registry". "Base registry owner."
It is not just the Data Sharing Bill, but the Data Sharing And Governance Bill.
The Governance part, one might have thought, is covered by the GDPR & DPAs. But no, it creates a shadow system.
Jun 25, 2018 • 14 tweets • 5 min read
The State continues to be, imo, entirely disingenuous about the #psc rollout and is still pushing it through without proper legal basis or authority so that it reaches critical mass.
One thing is clear: they are avoiding any binding decisions on the PSC. #thread
You might recall that, since @RSAIreland backtracked on requiring #PSC for driving licences, passports are effectively the last non-social welfare holdout on mandatory/compulsory use.
This type of requirement is what takes it from mere "token" to de facto ID card.
Mar 5, 2018 • 7 tweets • 3 min read
I’ve been quoted saying Limerick’s #cctv scheme uses tech akin to regimes like China. I don’t make comparison lightly - seems alarmist but is literally true.
Via @FredPLogue I see alarming prospect that deep learning & AI envisaged. This slide from a @LimerickCouncil update.
Remember: this deep learning and AI would be overlayed on a network of cameras that count footfall, keep a record of the reg of every car passing (24hrs/day), can recognise faces and patterns.