Electorate Database privacy issues (split from Census results)

[Sir Lüc]

The Chancery has now finished processing all changes resulting from answers to the mandatory questions (eg. changed email addresses and/or contact or privacy preferences).

I would additionally like to inform the general public that, last week, a registered political party requested access the Electorate Database as provided by Lex.D.8.5 and subsections thereof, which alerted me to an error I made interpreting that law.

The legislation itself is clear, but it seems I misinterpreted it, or misremembered it, while writing the last version of the General Election Rules and the Census forms as well: both refer to the electoral comms opt-in as only covering the Chancery's election-time forwarding service, and the former states in rule A.3 that parties may only receive those addresses which are public.

However, D.8.5.3 and D.8.5.4 clearly states the Chancery shall hand over all email addresses of people who okayed receiving electoral comms, irrespective of whether they wish their email address to be public.

I can only apologise for issuing a set of rules which was in breach of Lex.D.8.5, though that is moot as no party requested the Electorate Database, and for erroneously indicating in the Census that the electoral email opt-in only affected the Chancery's election-time forwarding service. I do still think that the best way to send unintrusive electoral communications and respect a citizen's right to privacy is through the Chancery, but I must comply with the law.

To those citizens concerned about privacy - protection of which remains a strong priority of this Chancery - I can issue two assurances:

• The Electorate Database is only accessible to "leaders of parties which have fully registered" as per D.8.5.2, which the Chancery holds to mean the leaders of the four parties sitting in the Cosă, before Dissolution, and the parties who have registered to the next Election and paid their fee, from Dissolution onwards;
• Citizens are free to opt out at any time as provided by D.8.5.7, and the Chancery will provide tools to do so automatically. The Chancery considers email addresses that are not public to be a citizen's private information, unlawful access/use of which is covered by Lex.A.7.3.3.

[Breneir Tzaracomprada]

I would additionally like to inform the general public that, last week, a registered political party requested access the Electorate Database as provided by Lex.D.8.5 and subsections thereof, which alerted me to an error I made interpreting that law.

I am not sure how a similar request is made but the Green Party publicly submits a request for access to the Electorate Database, as provided by Lex.D.8.5.

We also applaud the transparency of the Chancery in disclosing this request and informing the public of the interpretation error.

[Sir Lüc]

The Chancery will comply with both requests it received as soon as it has implemented the required Database functions for automatic dynamic export of the mailing list and for opting out by citizens (likely, in a matter of a few days.)

[Breneir Tzaracomprada]

The Chancery will comply with both requests it received as soon as it has implemented the required Database functions for automatic dynamic export of the mailing list and for opting out by citizens (likely, in a matter of a few days.)

Thank you

[Baroness Litz Cjantscheir, UrN-GC]

Thank you @Sir Lüc for your openness in explaining the situation and for recognising the oversight. Having looked again at both El Lex D.8.5 and the wording of the 2025 Census, I do have several concerns from a data protection standpoint.

The Census wording clearly stated that, if citizens consented, the Chancery would forward electoral communications to them. It did not say that email addresses would be released directly to political parties. Citizens, especially those living in the EU or UK, would have understood that their information would remain under the Chancery's control.

That creates a tension between El Lex and the principles of the General Data Protection Regulation (GDPR). Under Articles 4(11) and 7 of the GDPR, consent must be specific, informed, and freely given. Agreeing to receive electoral communications is not the same as agreeing to have one's email address shared with multiple third parties. The consent that was gathered referred to forwarding, not to disclosure.

The Chancery, as the body that collects and determines how citizens' data is used, would be considered the data controller under the GDPR. This carries legal responsibilities, including the need for a lawful basis for any processing, the application of data minimisation under Article 5(1)(c), and the duty to maintain security and accountability under Articles 5(1)(f) and 32. Once email addresses are distributed to several party leaders, the Chancery loses effective control over how that data is stored or used. This increases the risk of unauthorised retention, forwarding, or misuse. In such a situation, both the Chancery and the recipients could be considered joint data controllers for any misuse that occurs.

The principle of purpose limitation under Article 5(1)(b) is also relevant. Data collected to enable election communication must only be used for that stated purpose. Allowing the Chancery to continue forwarding messages on behalf of parties would meet this requirement while maintaining confidentiality and security.

This raises a couple of important legal questions, and on which I would be interested to hear the Chancery's response or viewpoint: if El Lex requires the Chancery to act in a way that conflicts with the data protection laws of a citizen's country of residence (in this case the EU or UK), does El Lex take precedence over the Chancery's obligations under the GDPR? Has the Chancery formally considered its obligations under the GDPR as the data controller, especially in light of how the Census questions were phrased?

Even if enforcement may be unlikely, the GDPR is binding law within the EU and UK. Any organisation, group, or individual involved in processing the personal data of EU or UK residents must comply with it. Even if El Lex directs disclosure, the Chancery would still remain responsible as data controller for ensuring that the processing is lawful and GDPR compliant.

It may therefore be sensible to pause before any release of data and consider a privacy-preserving interpretation of El Lex. An interim measure could be to email all citizens to explain the current situation and include an opt-in link allowing them to give explicit consent for their data to be shared with registered parties, along with clear information on how those parties will handle, store, and delete it. The longer-term fix would be to update future Census or data-consent wording so that it clearly states that opting in means disclosure to registered parties.

This would (I hope) resolve the issue going forward and bring the process in line with both Talossan law and GDPR principles.

My two bence on this quiet Friday evening,

-- Litz

[Miestră Schivă, UrN-GC]

The Chancery will comply with both requests it received

All three requests

[Sir Lüc]

Thank you @Sir Lüc for your openness in explaining the situation and for recognising the oversight. Having looked again at both El Lex D.8.5 and the wording of the 2025 Census, I do have several concerns from a data protection standpoint.

Thank you Baroness Litz. This is a very thorough and detailed analysis. Unfortunately, while I am aware of GDPR, I did not consider its full implications. I would first like to answer your two questions and then move to my proposed solution:

if El Lex requires the Chancery to act in a way that conflicts with the data protection laws of a citizen's country of residence (in this case the EU or UK), does El Lex take precedence over the Chancery's obligations under the GDPR?

This is obviously a pain point of micronational legislation; one of the classical questions (and my first big argument with a fellow Talossan back in 2012) was along the lines of - if smoking weed is legal under Talossan law but illegal under my macronational jurisdiction, what should I do? There obviously is nuance at play, but while I believe questions such as that one are down to personal values, not to mention carrying consequences that are limited to the individual, others are much less subjective and much more consequential. Worse, in this case El Lexhatx potentially *directs* someone to *break macronational law*. I am sure this situation was not intended when the statute was written - the current language stems from The Freedom of Information and Privacy (Gov.) Act (40RZ9), a bill that was passed in 2009, way before GDPR was adopted. Regardless, that's not something I am willing to do nor something that is fair to require.

Has the Chancery formally considered its obligations under the GDPR as the data controller, especially in light of how the Census questions were phrased?

Did the Chancery attempt to design a personal data release form, along with the related framework for using said personal data, to strive to protect Talossan citizens's right to privacy as much as possible? Yes. Did the Chancery consult macronational legislation while doing so? No.

[Sir Lüc]

My main takeway is this - while Lex.D.8.5 needs reform, agreeing to simply not use it poses no harm or disadvantage. The purpose of D.8.5 is to ensure a free and fair election by providing all registered parties with the opportunity to contact all (opted-in) citizens, equally and uniformly. That is also the same purpose of the privacy-preserving election-time forwarding service. The D.8.5 list has not been divulged yet, so no party has gained an unfair advantage over the others.

What I propose is the following:

• Party leaders amicably and collectively agree not to request the D.8.5 list, as it would be tantamount to asking the Chancery to break macronational law;
• The Chancery retains its traditional forwarding service, and agrees to expand it so that it is available immediately, under the same restrictions as during election time;
• The incoming Cosă seriously looks at amending the existing D.8.5, so that it is no longer in breach of GDPR protections.

[Baron Alexandreu Davinescu]

That sounds fine to me!

[Breneir Tzaracomprada]

My main takeway is this - while Lex.D.8.5 needs reform, agreeing to simply not use it poses no harm or disadvantage. The purpose of D.8.5 is to ensure a free and fair election by providing all registered parties with the opportunity to contact all (opted-in) citizens, equally and uniformly. That is also the same purpose of the privacy-preserving election-time forwarding service. The D.8.5 list has not been divulged yet, so no party has gained an unfair advantage over the others.

What I propose is the following:

• Party leaders amicably and collectively agree not to request the D.8.5 list, as it would be tantamount to asking the Chancery to break macronational law;
• The Chancery retains its traditional forwarding service, and agrees to expand it so that it is available immediately, under the same restrictions as during election time;
• The incoming Cosă seriously looks at amending the existing D.8.5, so that it is no longer in breach of GDPR protections.

Agreed. I would suggest the amending of D.8.5 be led by the Chancery as the SOS has the power to propose legislation and has already proposed actions represented by the list itself.

[Sir Lüc]

I will no doubt attempt to either present a proposal myself or chip in with my thoughts on an existing one, for sure. I think Baroness Litz has already made some very sound points in this comment on the related Hopper thread.

[Sir Lüc]

Azul,

I would like to apologise for some misunderstandings that arose in private surrounding the Chancery's forwarding system, and over the changes in handling electoral literature that happened during the transition between one occupant of the Chancery and another. Hopefully this clarifies some of that and can lay the foundations for handling the issue as smoothly as possible.

First off, the rules for the last General Election were written by me, largely based on the previous, much smaller set of written rules. I endeavoured to put as much as possible into writing precisely to avoid controversies, but evidently in certain places I did not perfectly reflect what was past practice. Specifically in this instance, party literature forwarded through the Chancery was limited to two mailers sent during the actual voting period; but in the rules I wrote, it was changed to a mailer per week, at any time after a party had registered.

I did not actually mean to change anything; but as it was an unwritten custom, and I didn't receive mailers myself, I simply had no idea it was wrong (and I had no reason to suspect it was!) As the rules passed muster by the Electoral Commission, I had no idea my version was not quite right, except it was of course perfectly right, operationally and legally - just not consistent with the past. And apparently, the past version is still the law of the land in the minds of many, despite the fact it was never written in any set of past election rules as far as I could tell.

(continues below)

[Sir Lüc]

We now come to the D.8.5 issue. In this instance, we are dealing with one particular piece of national legislation which potentially places me in hot water, macronationally speaking, due to the provisions of the GDPR. Thankfully I think the posts above this one prove there is broad agreement that it needs to go, and the parties that made the D.8.5 request all withdrew it.

However, D.8.5 is statutory law, and I can't just pretend it doesn't exist. If a party wishes to send a mailer based on its provisions, then I better at least give them something they can work with. The compromise I proposed was to use the existing forwarding service instead, by extending its application so it was immediately available to existing parties, keeping in mind the rules over forwarding literature as they actually exist on paper right now (one per party per week, not two per party, ever). By immediately, I did mean "from October 13th", with the tacit understanding that once the new party registration period opened up, all mailers would pause until a new registration was made; but regardless, I did indeed expect that, since parties had the right to send emails according to D.8.5, they could and would do so using the new compromise if they wished.

One misunderstanding then arose from the issue outlined above - the two mailouts thing is no longer a thing, as of February 2025, and the change seemingly went unnoticed not just when it was made, but also when it caused minor controversy around the last Balloting Day. Parties could have potentially sent one email per week for eight weeks, under what, again, is a compromise to refrain from using D.8.5 to send unlimited emails using a plaintext list. But in my original public response to this, I definitely was discorteous at best (out of frustration for sure, but also of the urgency to make sure everyone knew what the actual rule was).

But then this led to another issue of potentially being "too many mailouts", if this scheme is allowed to exist and continue, which could asymptotically bring us to something akin to permanent campaigning. Specifically, I have been asked whether, under my interpretation of the rules and the law, "registered parties are allowed to do weekly mailouts all the time". My reply was that, while the electoral database of D.8.5 exists in law, then yes, parties can already basically do mailouts using that list as often as they please. Ideally, clearly no, weekly mailouts meant for electioneering would not happen all the time, but this extension that's happening right now is a compromise to sidestep D.8.5 and its macronational implications; we're just using something that's tried and tested and that Talossan citizens have agreed to, until the next Ziu hopefully rectifies the issue.

[Sir Lüc]

So finally, coming back to the purpose of the ill-advised post I deleted and replaced with this whole writeup:

• One mailer per week;
• For existing parties: starting October 13th, but suspended from when party registrations open up again until you re-register;
• For new parties: starting from when you register;
• You can send more than two mailers, and they will get sent within a day of me getting them, not just once ballots are out.

This framework, except for the extended period, is in Rule A.3 in both the old and the new set of rules (except that the new set is written more clearly, but the meaning is the same).

[Baron Alexandreu Davinescu]

I have already said so privately, but let me say again publicly that I regret that Sir Luc is experiencing this difficulty.  His position is an extremely difficult one, and it's a lot of pressure.  I feel certain I speak for almost everyone when I say that we deeply appreciate his service as a nation, and we value him as a citizen almost beyond words.