At Castlebridge we work with organisations in projecting the future consequences of their uses of data. A lot of the time this comes in the form of a DPIA ‘Data Protection Impact Assessment’, which organisations are obliged to undertake in certain situations under GDPR. The nucleus of the idea is to analyse the environment in order to mitigate against any unintended consequences before they arise rather than as they arise. This of course can apply to any proposed plan, both the Department of Social Protection and Donald Trump could do with a bit of it.
The Department of Social Protection is continuing with its challenge to the findings of the Data Protection Commission, where the Commission found it was misusing personal data in a number of instances. This is an ongoing waste of public funds on a massive scale and for the following reasons it reminds me of American President, Donald Trump and the need for DPIA’s.
Impact Assessments & Donald Trump, the angle is what?
The killing of the Iranian General Qasem Soleimani was classic Donald, tying in his dual likes of narrative: taking the initiative in relation to the media: is anyone talking about impeachment any more? And a clear good vs evil, personal narrative also. Check the Kim Jung Un, pen-pal love in. While also sitting nicely with his need to look like he is solving problems no matter what the reality is.
It appears that his Iranian engagement is working a little like the North Korean one which has preceded it. While he has gotten his wish with his ‘big moment’s’, one really must ask what has been achieved. While the assassination of General Soleimani was supposedly to show power and push back on Iran, it appears that it has had consequences which did not occur to him at the time he gave out his big order. Two of the main consequences are that
- The US has been asked to leave Iraq
- We are seeing now the beginnings of what may be called a simmering war
Are these not situations which he would have sought to avoid? Was he not looking to get the US out of wars? It does not seem like these were intended consequences, which occur when we do not look beyond our immediate goals as to what else might happen if we take any given action. NK are still making their bombs, testing devices, threatening to call Trump a Dotard as they please
If ‘the Donald’ thought through the full consequences of his actions before putting his small little finger on the big red button, he may have had pause for thought.
How does this relate to the Department of Social Protection?
Same can be said about the Department and the PSC in that if a proper Impact Assessment was undertaken in relation to the Public Services Card and all its proposed uses, someone may have put the brakes on the project a long time ago.
The reasons that the Commission gave in their decision against the PSC were pretty basic data protection points: You have no reason to keep the personal data. You have no reason to hold onto it forever. There is no legal basis to hold this personal data…..
If these points were highlighted early (i.e. undertake a DPIA) and taken seriously, the state could have been saved a lot of money a long time ago. But we are far away from that moment, which highlights the second Trump-like reflex being shown. Why are the Department and the Government continuing to fight this?
The basis of the departments appeal is apparently of a procedural nature, meaning that if successful not much will have changed given that GDPR and the Data Protection Act 2018 will still exist, and the Public Services Card will still fall foul of it.
It was always the case that someone was going to have to bring the first big fight against the DPC. The question has to be asked why is that a government body, backed by the government, is the one to do it. Especially when they were so clearly in the wrong. While one can only speculate why the government has given it’s backing to the appeals process. The only plausible reason for proceeding on behalf of the Department that I can see is pure bull-headedness/a desire to see exactly what will happen when you decide to pull the Commissioners tail.
Given our new-found cosiness with the EU and our central role in the enforcement of GDPR Europe-wide, does no one in government find this all a bit embarrassing?
It should be clear to all involved at this stage that while the Department may feel it has a chance of winning the battle, it will certainly not win the war. In fact, given how much has been spent on it thus far, it may have lost already. There is no clear rational reason which can be put forward to back the continuation of this process. It is in the public interest to pull the plug on this project, learn some important lessons and move on.
An Impact Assessment undertaken by the Department a long time ago would have saved a lot of time and money. It’s not too late to even have one now.