A simple search by locality and street on the Electoral Register gives names, addresses, and ID numbers of all the street residents. Photo: Shutterstock
Dr Francis Zammit Dimech teaches European Media Law at the Faculty of Laws and, considering the unit’s intensive reading list, he expects his students to be very familiar with the section of the European Union Acquis dealing with information society and media and the various EU conventions and directives regulating media.
So I find it hard to believe that he was not aware that sending personalised (first name and last name) electoral promotional material to first-time voters through the use of the electoral register without a clear and simple opt-out option informing the recipients of their right to object from receiving such information, is in breach of local and EU data protection laws.
Yet, I have become aware of numerous first-time voters from various locations around Malta, with no association to Francis Zammit Dimech, who received such personalised material from the self-proclaimed Media King himself, and when I examine the material carefully, nowhere is an opt-out option visible.
A typical case of “it’s not illegal unless you’re caught”, I suppose. Or better still, some are more equal than others in the eyes of the law. Or the typical non-accountability of Maltese politicians – take your pick.
Ignorance of the law is no excuse (although I’m sure Dr Zammit Dimech does not fall in this category), but in any case these requirements are clearly outlined in very simple language understandable even to the lay-person let alone lawyers, in a brochure entitled “General Guidelines on the Processing of Personal Data for Political Campaigning Purposes”, issued by the IDPC as revised two months ago (available online).
But that is not the grossest breach of our privacy rights. While looking further into the matter, I went on the online electoral register, only to discover that a simple search by locality and street gives names, addresses, and ID numbers of all the street residents, and hence of ALL Malta’s voters!
Who remembers the strict deadlines that local companies had to abide by to ensure that their use of personal data complies with the newly-introduced GDPR?
And the threats of sanctions which for breaches of the GDPR can reach up to €20 million or 4% of a company’s turnover? Our inboxes and SMS boxes where choked with emails and messages requesting our consent for a company’s use of data in a frantic rush to ensure compliance – most of us were clicking OK just to clear our mailboxes! Do such sanctions and deadlines apply only to private companies? Is Government exempt from compliance with the GDPR?Our ID number is personal data and exposing it on a public website is a serious privacy breach
Our ID number is personal data and exposing it on a public website is a serious privacy breach, specifically of Article 8 of the Data Protection Act (Cap 586 of our Laws).
It is unacceptable that the Electoral Commission breaches our rights, and even more heinous when considering that the Commission was established under no less than our Constitution, the supreme and ultimate protector of our rights!
How can we feel confident that our personal data is safe in the hands of our government, when the government itself breaches our privacy rights? Who will be held accountable for such a breach? This leads me to support a conviction I’ve built up over writing various law assignments and which I’ve expressed elsewhere – we are tops for transposing EU laws into our local laws, but we hit rock bottom when it comes to actually applying them, and this is clear across all areas of human rights, as local events show us regularly all too clearly.
PS: I urge you to send a complaint to IDPC about this serious breach of your privacy by visiting https://idpc.org.mt/en/Pages/contact/complaints.aspx.