Contact Reform Act

[Baron Alexandreu Davinescu]

The Secretary of State recently pointed out that some people might not be aware of the current system, which was set up to respect personal privacy but also allow campaigning.  He also gave his opinion about current best practices:

I do still think that the best way to send unintrusive electoral communications and respect a citizen's right to privacy is through the Chancery, but I must comply with the law.

Maybe it is time to simply make the two-per-party Chancery forwards into the sole official way to do things?

[Sir Lüc]

I guess there's several points that come to mind:

1a. Unless I'm mistaken, I should say the Chancery's electoral comms forwarding service is nowhere in statutory law and essentially only available at election time, under the rules governing each individual election.

1b. If parties can just access the same mailing list themselves via D.8.5, why is the Chancery's electoral comms forwarding service even a thing, given that it is subject to rate limits, to the SoS having to get around to sending the mailers himself, and to the occasional controversy about (eg.) pictures disappearing and sending times?

2. What happens to parties that register/deregister? Are all parties deregistered and unable to access the D.8.5 mailing list on Dissolution, until they re-register? What happens to a deregistered party that uses data from the mailing list? (This ties into another area of urgent reform, which is party registration)

3. I guess my main issue with the current legislation is that nowhere in the law is the right of citizens to opt-out actually protected, and nothing mandates parties to inform citizens of this fact, nor to always use the most recent version of the database reflecting the most updated state of the contact preferences (both concerning which email address to use, and if a citizen is open to being contacted at all). Either way, informing all parties every time a citizen changes their preferences is definitely an undue burden on the Chancery.

[Baroness Litz Cjantscheir, UrN-GC]

I will not repeat the points I have already raised in response to the Secretary of State's original post on this matter, but I will follow up by saying the following.

First, the Secretary of State must comply with the law, but what I think has been forgotten in this discussion is that "the law" also includes the UK and EU GDPR legislation. The current database clearly contains the personal data of citizens who live in the EU and the UK, and my assumption is that the Secretary of State also resides within the EU. This means the GDPR applies in practice, regardless of Talossa's own internal status or legislation.

Part of the GDPR is that consent to share personal data can never be given unknowingly. Consent must be specific, informed, and freely given. The burden lies with the data controller, in this case the Secretary of State, to be able to demonstrate that each data subject was informed and freely gave consent for a specific type of data sharing. If there is any uncertainty about this, or if the Secretary of State believes that citizens may not have been fully aware of how their data was being shared, then the correct legal position is to assume consent was not given and the data should not be shared.

If a citizen consented for their data to be used by the Chancery to forward electoral communications, that cannot be taken to mean they also consented for their email address to be disclosed to third parties. We have no clear record that they opted in to such sharing as described in El Lex D.8.5.4.

Therefore, the core issue is whether the Secretary of State (allegedly) breaches GDPR obligations by complying with his interpretation of El Lex, or whether he recognises that GDPR, as binding law on anyone processing the data of EU or UK residents, must take precedence over Talossan law in matters of personal data protection. My own position remains that opt-in consent cannot be validly given if the data subject was not fully aware of how their information would be used.

Another concern is the potential for data misuse under the current system. As it stands, I could theoretically register a party tomorrow and, as a party leader, gain access to the database. There is nothing to prevent me from saving that information in an unencrypted spreadsheet on a personal laptop and keeping it indefinitely. Worse still (and there have been incidents of this in the past), I could then send a group email using the "To" field instead of "BCC", exposing every recipient's address to everyone else on the list. At that point, every person could download or copy those addresses and store them however they liked, completely outside the control of the Chancery. That would constitute a serious data breach under GDPR principles, and those affected would have little to no effective recourse.

Thus, getting back on the topic at hand, my ideas for reform would be twofold.

• Bring Talossan law in line with GDPR requirements.
  This would remove the conflict between the two systems. There should be clear opt-in and opt-out choices, with data subjects properly informed about how their information will be used, stored, and shared. Data should be encrypted, password protected, and automatically deleted after a set period. Citizens should also have the right to see what data is held about them and who has viewed or shared it.
• Limit party leaders' access to personal data.
  Ideally, leaders should not be able to see individual citizens' details. A shared email system could be created, such as citizens [at] talossa (dot) com, which distributes messages to consenting recipients without revealing their contact information. Bouncebacks or automatic replies could be routed to a no-reply address to avoid exposing anyone's data. This would achieve the same purpose of communication without compromising privacy or compliance.

My two bence on a quiet Saturday morning, 

-- Litz

[Baron Alexandreu Davinescu]

Well, we certainly don't want to force anyone to break the laws of their country of residence! And our privacy laws are something like 10 years old at this point, and it's been a long time since anyone really went through them to bring them up to date with current thinking.

As I can see it from this discussion, it seems like there's one principle we absolutely need to have:

We should write the consent forms for release of contact information only once everything else is set, once we're sure how that information could conceivably be used, to make sure that we are being very clear about what people are consenting to.

But there are a couple of questions that probably need to be resolved:

Should we put the Chancery forwarding system formally into law? That means there will probably need to be a couple provisions on how it is implemented fairly. I think that  two forwarded emails per campaign is a good amount, so we can probably keep that.

Do we want to consider also implementing a system to allow for other mailers? This to me is the big question. Do we really want to exclude the possibility of political messaging, invitations to cultural events, or the like? We've never really done this, but there's no real reason not to do things like email our citizens about the finale of TMT or something like that. There's a lot of people who would actually want to be notified about cultural events, I think.

Because these are two pretty fundamental questions, we should probably figure out what we want first, before we write legislation and figure out practical approaches like email groups. The results are going to look extremely different depending on the approach we take.

So what do people think? Do we want to formalize the Chancery system? Do we want to exclude all other mailers?

[Baroness Litz Cjantscheir, UrN-GC]

First, I agree that no one should ever be placed in a position where they are forced to break the laws of their country of residence. While El Lex governs the internal workings of Talossa, it cannot override the legal obligations that individuals have under their domestic laws. The Secretary of State must therefore comply not only with El Lex but also with the data protection laws of the EU or UK, since the Electorate Database contains the personal data of citizens from those jurisdictions. In practice, that means GDPR compliance is unavoidable.

On the point of consent, I also agree that the forms should only be drafted once the underlying system is settled. Under GDPR, consent cannot be retrofitted or assumed. It must be specific, informed, and freely given for a particular use. Until we know exactly how data will be used and who will have access to it, no consent can be validly collected.

As to whether the Chancery forwarding system should be formalised in law, my view is that it should. It is the most privacy-compliant method available and ensures that citizens' personal details remain securely within the control of the Chancery. Formalising it would remove ambiguity and guarantee a clear, fair process that protects both privacy and transparency.

Regarding the idea of other forms of communication, such as cultural or community announcements, these can still be achieved through a properly managed opt-in system. Citizens could choose to receive cultural or informational messages through Chancery-managed mailing lists that hide recipients' addresses. This keeps communication open while maintaining compliance with GDPR principles.

I have drafted a rough example of how this could be written into law:

[DRAFT] The Data Protection and Electoral Communications Reform Act

D.8.4. Data Protection 

D.8.4.1. Personal information such as, but not limited to, private mailing addresses, contact telephone numbers, private email addresses, given names, ages, dates of birth, and national identification numbers shall be held on file by the Chancery and shall only be accessed by the Secretary of State or The King, except where the citizen to whom the data relates has given explicit, informed, and freely given consent for such access or disclosure.

D.8.4.2 — Principles of Data Processing

The Chancery shall ensure that all personal data collected, stored, or processed by any body of the Kingdom complies with the following principles:

a. Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the citizen to whom it relates.
b. Purpose limitation: Personal data shall be collected only for specified, explicit, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes.
c. Data minimisation: Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
d. Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Inaccurate data shall be corrected or erased without delay.
e. Storage limitation: Personal data shall not be retained in identifiable form for longer than is necessary for the purpose for which it was collected.
f. Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised access, loss, or destruction, through suitable technical and organisational measures.
g. Accountability: The Chancery, as the data controller, shall be responsible for and able to demonstrate compliance with all of the above principles.

D.8.4.3. Citizens shall have the right to request access to any personal data held about them by the Chancery, to request correction of inaccurate data, or to request deletion of their personal data unless retention is legally required for citizenship verification or archival purposes.

D.8.4.4. All personal data shall be securely stored, encrypted when technically feasible, and automatically deleted or anonymised after two years of inactivity, unless required for lawful archival purposes.

D.8.4.5. Any unauthorised disclosure, misuse, or negligent handling of citizens' personal data shall be treated as a data breach, and reported immediately upon discovery or knowledge of such breach to the citizen to whom the breached data pertains and the Uppermost Cort, which may order appropriate remedies and sanctions.

D.8.5. Information Available to Political Party Leaders 

D.8.5.1. An Electorate Database shall be maintained by the Chancery for the purpose of enabling electoral communications.

D.8.5.2. The Database shall only be accessible to the Chancery for the purpose of forwarding electoral communications on behalf of political parties that are fully registered and have paid their registration fee.

D.8.5.3. Political parties shall not have direct access to the Electorate Database. Each registered party shall be entitled to submit up to XX electoral communications per election cycle, which shall be forwarded by the Chancery to all citizens who have opted in to receive electoral communications.

D.8.5.4. No personal data, including email addresses, shall be disclosed to political party leaders unless a citizen has given explicit, informed, and specific consent for such disclosure. Consent to receive forwarded communications shall not be interpreted as consent for direct data sharing.

D.8.5.5. The Chancery shall maintain an auditable record of all parties that have submitted electoral communications and the dates on which messages were forwarded.

D.8.5.6. The Chancery shall provide a simple and accessible mechanism for citizens to withdraw consent for the use or sharing of their personal data at any time. Upon withdrawal, the Chancery shall ensure that the data is no longer used for such purposes.

D.8.5.7. Additional information may only be added to the Electorate Database at a citizen's explicit request.

D.8.10. Chancery Forwarding and GDPR Compliance 

D.8.10.1. The Chancery shall be the designated data controller for all personal data processed in connection with the conduct of elections, referendums, censuses, or official communications.

D.8.10.2. The Chancery shall establish and maintain a forwarding system for electoral and official communications which ensures that:
a. Senders, including political parties, do not have access to citizens' personal email addresses.
b. Messages are distributed only to citizens who have provided valid consent to receive them.
c. All data processing complies with the principles set out in D.8.4.2.

D.8.10.3. If Talossan law conflicts with the data protection laws of a citizen's country of residence, the Chancery shall interpret and apply Talossan law in a manner consistent with those laws to the greatest extent possible. No officer of the Kingdom shall be compelled by Talossan law to act in a manner that would breach the applicable data protection laws of their country of residence.

D.8.10.4. The Chancery may, in consultation with the Technology Minister and the Uppermost Cort, issue regulations governing the technical and procedural aspects of this system, including encryption, password protection, and secure message forwarding.

D.8.10.5. The Chancery shall publish an annual Privacy Notice summarising the categories of data collected, the lawful bases for processing, and the data protection rights of citizens.

[Baron Alexandreu Davinescu]

D.8.5. Information Available to Political Party Leaders

D.8.5.1. An Electorate Database shall be maintained by the Chancery for the purpose of enabling electoral communications.

D.8.5.2. The Database shall only be accessible to the Chancery for the purpose of forwarding electoral communications on behalf of political parties that are fully registered and have paid their registration fee.

D.8.5.3. Political parties shall not have direct access to the Electorate Database. Each registered party shall be entitled to submit up to XX electoral communications per election cycle, which shall be forwarded by the Chancery to all citizens who have opted in to receive electoral communications.

D.8.5.4. No personal data, including email addresses, shall be disclosed to political party leaders unless a citizen has given explicit, informed, and specific consent for such disclosure. Consent to receive forwarded communications shall not be interpreted as consent for direct data sharing.

D.8.5.5. The Chancery shall maintain an auditable record of all parties that have submitted electoral communications and the dates on which messages were forwarded.

D.8.5.6. The Chancery shall provide a simple and accessible mechanism for citizens to withdraw consent for the use or sharing of their personal data at any time. Upon withdrawal, the Chancery shall ensure that the data is no longer used for such purposes.

D.8.5.7. Additional information may only be added to the Electorate Database at a citizen's explicit request.

Quick note here to mention that last week this was struck from the law by a PD.