Sinn Féin should draw the attention of voters to the existence of its Abú electoral database the Data Protection Commissioner has said in a report published on Monday.
The database was created in 2019 and used to collect information on individual voting habits, political opinions and to help maximise election-day turnout.
It became the focus of media reports earlier this year and as a result, the DPC launched an audit 26 registered political parties to assess what information is being held and how.
“This should continue as standard practice for as long as the Abú database continues to exist.”
Of all of the political parties under audit only Sinn Féin keeps such a database, encompassing voter data from all constituencies across the State.
The report describes Abú as being specially designed to identify supporters “in order to get out the vote” on election days. It contains data from the register of electors and the marked electoral register and is supplemented by canvass information.
“The purpose of its use is to record a canvasser’s opinion of an individual’s likelihood to vote for Sinn Féin, with a view to ultimately increasing turnout of voters and convincing voters to support Sinn Féin,” it said. “It allows Sinn Féin to best direct scarce canvassing resources in areas of constituencies.”
Information stored from that drawn during door-to-door canvassing includes people’s voting status, level of support for the party and how likely they are to vote or transfer votes.
Limited data retention
However, the vast majority (94 per cent) of the eligible voter information on Abú is that relating to the Register of Electors and Marked Electoral Register, without any indicators as to their political views.
Access to the database is strictly limited to trained users, the audit said, and the retention of data is limited. For instance, after the next general election, personal data relating to the 2016 register and marked register will be disposed of. The maximum retention period is ten years.
Auditors said there was no evidence to indicate the party had used social media to obtain or enhance the information contained in its records.
The DPC has also recommended that by early next year, Sinn Féin demonstrates it has robust measures in place “to detect and alert it to anomalous and unauthorised activity on its servers and databases”.
The focus of the overall audits included the use of registers of electors and marked electoral registers; databases of voters; and an assessment of data protection impact.
It also looked at data protection officers in organisations where “core activities consist of processing on a large scale of special categories of personal data, such as data revealing political opinions”.
Only Fianna Fáil and Sinn Féin were required to designate officers, based on the volume of data they process. The Commissioner decided the appropriate threshold is 30,000 records of data subjects.
Both parties appointed officers and the report found no similar requirement applying to other parties because the level of data processing on political opinions remains below that threshold.
The audits found that most data processing related to personal information of party members and volunteers and the majority of recommendations are in respect of those records.