(cntd)
– Striving Small Town Families,
– Struggling Older Families Throughout Ireland,
– Struggling Rural Families,
– Struggling Young Families in the Countryside,
– Deprived Rural Families,
– Deprived Urban Families 8/n pic.twitter.com/tPoJvB0SCT— Olga Cronin (@OlgaCronin) May 3, 2022
This morning.
The Irish Council for Civil Liberties (ICCL) has lodged a complaint with the Data Protection Commission over the processing and sale of personal data by GeoDirectory, a company operated by An Post and Ordnance Survey Ireland (OSI).
Via the Irish Council for Civil Liberties:
GeoDirectory sells location data about every Irish home, matched with intimate social demographic “GeoPeople” profiles about the income, life stage, and family status of the people who live in each home.
Over 2 million Irish homes and their residents are profiled in this way, under headings such as “striving urban singles”, “deprived urban families” or “struggling older families”.
ICCL has been able to buy data about people living across Ireland, including ICCL staff. These data are available to purchase by any company or organisation.
For example, GeoDirectory sells data to Experian, one of the world’s biggest data brokers. Experian then uses the data to set people’s credit ratings. Aviva, a major insurance firm, uses GeoDirectory data to set individual insurance prices and examine claims.
Marketing itself as having an “unrivalled location intelligence database”, GeoDirectory’s data comes from An Post, OSI and the Census, with GeoDirectory using the latter to create 14 separate social demographic profiles and assigning one to each household in Ireland. It is impossible to know how an accurate or inaccurate classification is potentially impacting a household.
ICCL’s Tech and Human Rights Officer, Olga Cronin, said:
“I was able to buy data about each of my neighbours, including their financial status, and whether they are single or not. This information is specially protected under EU law. But GeoDirectory is collecting, updating, storing and selling this data with utter ease and without consideration of GDPR. The company is also allowing businesses to identify the individual social demographic profile of everyone on their customer list by offering a service whereby they cross-reference a business’s customer list with that of GeoDirectory. This mass processing of every Irish household’s personal data without a legal basis or in adherence with GDPR cannot be lawful.”
I was about to transfer from Ulster Bank to An Post until this bombshell hit.
What the hell is one to do or where to go, Christ!
It’s time data retention was done away with unless you opted in so they can sell it or transfer it without your written permission
The world revolved before we had companies storing your data then flogging it without your knowledge
These companies make billions from information about us and it’s time it stopped
Put it into Bitcoin.
anything to squeeze a few more “cents out of us”
I hope heads roll for this move, outrageous carry on
The brass neck of them, somebody should be fired, but I’m sure they had unofficial agreement from GOV
If only we had a data protection commissioner
I have used Geo Directory for a number of purposes over the years- it is a very useful dataset. I am also a fan of the Eircode system btw, as it is far superior to the UK’s post codes because it allows for more granular analysis- which in this case may be a double edged sword.
Geo Directory is addresses only so individual names are never included. They CANNOT use data from other parts of An Post business like bank accounts- that would be completely illegal.
OSI holds little or no demographic information, so I suspect the real culprit here is actually the Census data. IMO- for An Post to be generating those categorisations of their own bat could leave them open to legal challenges.
Olga is correct- once it leaves An Post they have no control what it is used for and based on information of questionable accuracy, private companies can then use it to discriminate against certain groups of people.
If I may make another point- the difference between Eircodes and UK’s Post Codes is that Eircodes are unique to the individual address while postcodes is to a number of addresses, so this issue has probably not arose in the UK- at least not to this extent.
So Olga- if you are reading this (hello btw) a core question should be- what other countries use a system like Eircode, and how to they address such issues?
CSO don’t release personal or household level data.
They will tell you “in those 1000 houses there is XX% with an unemployment person” or “in those 956 houses, there are YYY with 2 or more cars”
That’s outrageous.
That’s more like it
This is criminal
details need to be provided before those conclusions can be reached.
how intimate is intimate?
I bet this is a nothing story.
Without names, down to the specific Eircode is as intimate as it gets
its pretty easy to match name and eircodes. I live at my house being being a fairly good example
If, for instance, Credit agencies profile you and mark you up/down based on your home location, it’s more than a nothing story.
Like if you live¹ in Tallaght versus Dalkey versus Finglas?
¹feel free to swap these three area as you feel fit.
Or even down to street level
More fool them, they should use more reliable data.
I doubt that would happen.
Could every and any citizen in Ireland query, for free, their own address and the attached data from Geodirectory?
You’d need to buy the Geo Directory data set- in which case it is for premise in the country.
If you have an Eircode, then your address is in it.
I call Fake News.
CSO doesn’t provide data at household level. They do it at minimum at DED (District Electoral Division – there are 3,440 DEDs in the state).
At a guess they (GeoDirectory) categorise every household within a DED to one of their their 14 profiles. It isn’t personal data, it is aggregate data – all the 600 houses in this area are “struggling older families”.
All ED’s have percentages of all categories, so if CSO only supply to ED level- how can those categories be any more granular than that?
That is my point. I don’t believe that they are getting more granular.
I’m guessing that GeoDirectory are labelling all houses in a particular DED into a single category.
You can then do a lookup of address X, and it will tell you it’s category; but if you check the house next door… it will be the same category..as will all the neighbours (within that DED)
‘Gerry Walker says that “the Census is the only reliable source for data for small areas”. And where does the CSO get its location information? – From GeoDirectory of course. CSO is the only organisation that can supply this information. These Small Areas are new and provide Census data at a much more granular level than was previously possible. Previously CSO only provided data at Electoral Division (ED) Level of which there are circa 3,400 however, there are 18,500 Small Areas. Small Areas give a consistent approach across the country with approximately a 100 address points per Small Area – and the source of the information about the address points and buildings for the Small Areas was GeoDirectory data.’
https://www.geodirectory.ie/success-stories/central-statistics-office
So Cian is wrong then- it is at a SA level.
Just reading that again- 100 points per SA * 18 500 SA’s= 1 850 000 properties.
18 500 land parcels which snap into each other and cover the entire country- upon which all Eircodes and addresses within each SA can be extracted from Geo Directory.
It doesn’t go down to Eircode level but it certainly is close enough to identify types of areas, and who knows what else data the Insurance industry has collated.
Personally, I don’t think it breeches GDPR myself, as it still does not identify individuals, but it certainly could have a negative impact on other things like home and car premiums.
Excuse me I am trying to be widdled off here!
I think we can rely on our Civil Sevice to ensure that the letter of the law is adhered to. I have full confidence that our Data Commissioner will say “Grrrrrrr!”
Well SOQ one thing is certain about the insurance industry is that they really are bottom feeders grubby little individuals
The data commissioner will do exactly what the industry tells him to do just like the insurance ombudsman dose
Why the hell do you think our insurance industry has been ripping off their policy holders for years