DRI’s Unchanged Position on Eircode
DRI has previously outlined concerns about privacy arising from flaws in the proposed National Postcode System known as eircode. We believe that the eircode project, as currently conceived, creates significant privacy and data protection issues.
There are also other issues with eircode, principally:
- Complexity: In other countries, codes are assigned in an orderly fashion, and as a result, houses and areas that are close to each other have similar (or the same) code. Under eircode, the codes are being assigned in a deliberately disorderly and random manner.
- Access: In order to make any sense of an eircode, a user will have to pay to access a commercially licensed database. As a result, postcode data will potentially be available to large organizations like big companies and political parties, but not small companies, small NGOs and independent political candidates.
- Secrecy: To date, there has been no consultation whatsoever about pricing for access to the database. Additionally, eircode’s establishment is governed by a 700-page contract which the government considers so secret, that they will not publish even a single paragraph of it, even after multiple FOI requests.
[space height=”20″]
Despite our unwavering concern over and opposition to eircode, it has been incorrectly implied that DRI endorses the eircode project.
Below is the timeline of DRI’s actual, documented engagement with this issue to date:
23 October 2014: DRI was invited to meet with Department of Communications, Energy and Natural Resources officials to discuss our concerns about eircode in advance of the department’s Privacy Impact Assessment.
29 October: DRI’s Antoin O Lachtnain met with the Department and laid out Digital Rights Ireland’s concerns about eircode. In no way could DRI’s litany of legal, technical and privacy complaints have been construed as supportive of the eircode proposal.
04 November: DRI followed up the meeting with a summary email, once again outlining our key concerns, this time in writing.
19 November: Patricia Cronin of the Department of Communications appeared before the Joint Oireachtas Committee on Transport and Communications to discuss the proposed eircode system. In her testimony, she stated:
On foot of our engagement with the Data Protection Commissioner, we have also undertaken a privacy impact assessment… to determine if there is a potential impact on anyone’s privacy. We have spoken to the National Consumer Agency, logistics companies and Digital Rights Ireland, with which we have had an in-depth conversation to see if there is anything in the proposal that might be considered to have an impact on anyone’s privacy. Broadly, they are satisfied with what we are doing. [Source]
20 November: Antoin O Lachtnain emailed the Department of Communications to express concern about Cronin’s statement in the Oireachtas. DRI also asked for a transcript of the comments; no written reply to this email was ever received. DRI received several telephone calls, however, and Antoin O Lachtnain was initially told that there had been no implication that DRI had endorsed the Department’s position. He was also told that no transcript was available.
25 November: In response to this testimony, DRI wrote to the Minister for Communications to reiterate our actual, stated position:
We have deep concerns about the Eircode initiative… We want to state clearly that we are not at all ‘satisfied’ with the postcode that has been designed or the implementation proposals. [Source]
Today’s Irish Examiner carried a story (No Watchdog Backing for Eircode) detailing some of the above timeline, and noting that “Senior civil servants are to face calls to appear again before an Oireachtas committee after a second organisation seemed to distance itself from suggestions that it was ‘satisfied’ with privacy provisions of the postcode to be launched this year.”
In reference to the second organisation mentioned both in the Examiner story and in Ms. Cronin’s testimony, the Competition and Consumer Protection Commission “has since said that while it did discuss a Privacy Impact Assessment with the Department, it did not say it was ‘satisfied’ with the measures; it did not discuss any data protection measures; and it never gave any endorsement of Eircode’s privacy measures.” [Source]
The question now arises: who were the other stakeholders consulted with by the Department? What feedback did they give and to what extent did they endorse the design and the proposed data protection measures? The Department of Communications has maintained that stakeholder response to Eircode has been largely positive; we invite the Department to enumerate who those positive stakeholders may be and to set out their expertise in data privacy policy.
Image Credit: Paolo Trabattoni