The European Data Protection Supervisor (EDPS) has launched a data protection probe into the European Parliament for continued work with a US firm.
The firm in question, NationBuilder, processes data collected though websites run by the European Parliament for citizen engagement, though it has fallen short of European standards on data protection and privacy. This is the second reprimand handed to the European Parliament concerning NationBuilder.
The website placed under current scrutiny, thistimeimvoting.eu, collected personal data from more than 329,000 people who had an interest in European Parliament elections.
“Strong data protection rules are essential for democracy, especially in the digital age,” said Assistant EDPS Wojciech Wiewiórowski.
“They help to foster trust in our institutions and the democratic process, through promoting the responsible use of personal data and respect for individual rights. With this in mind, starting in February 2019, the EDPS acted proactively and decisively in the interest of all individuals in the EU to ensure that the European Parliament upholds the highest of standards when collecting and using personal data.”
Although the details are relatively thin for the moment, the EDPS has issue involving the selection and approval of sub-processors used by NationBuilder. The sub-processors have not been named, though the EDPS has stated Article 29 of Regulation (EU) 2018/1725 are the rules in question.
Considering Europe’s position atop the data protection and privacy high-horse, this should be seen as quite an embarrassing incident. The European Parliament has taken a very condemning approach to those who flirt with data protection and privacy regulations, most notably Facebook and Cambridge Analytica. With this announcement from the EDPS, it does not appear the bureaucrats are listening to their own condemning words.
The collection and application of personal information surrounding elections is of course a very relevant topic today, not only because of numerous scandals and accusations, but also some very high-profile events on the horizon. Not only is the UK’s General Election taking place in a matter of weeks, the threat of a second Brexit referendum is a possibility, while campaigning for the US Presidential Election will hit full-steam over the next couple of months.
Posturing and rhetoric regarding the importance of data privacy and the application of data analytics in a responsible manner are more prominent than ever, but it seems to be nothing more than statements of intent. Data protection and privacy scandals will perhaps never be a thing of the past.