Unofficial webpages that process personal details to book visa renewals for immigrants in Ireland claim their data handling practices do not contravene the GDPR.
Facebook pages, phone apps and other websites are among the forums available that enable individuals from overseas to pay up to €40 in exchange for a fast-track towards securing a date to see the Irish Naturalisation and Immigration Service.
The sites work by booking swathes of appointment slots and selling them to needy immigrants who will stop at nothing to get their documentation in order before visas expire. Despite changes made to the system by Ireland’s Department of Justice, a replacement online platform is due to be implemented to keep the shady brokering at bay.
As the work goes on, thousands of immigrants are still registering their private details, including passport information, birth dates and phone numbers – data that could leave citizens vulnerable to criminality.
To offset risk, the Data Protection Commission in Ireland has reminded organisations responsible for processing the data to be mindful of their duties under the EU’s General Data Protection Regulation, only keeping “the minimum amount of personal data necessary to conduct business,” and only storing that data for as long as is necessary.
A spokeswoman for the Commission told the Irish Times:
“Organisations that process personal data have certain obligations under the GDPR which requires them to be accountable and transparent with service users.”
Those running the appointment booking sites say that the GDPR’s standards are observed, and that all data collected is erased as soon as a booking is finalised. However, those involved have not provided a breakdown of the booking process from start to finish.
A Facebook page named GNIBot, set up in 2017 by Renan Danton, now has over 7,650 followers. Mr Danton said that he is not breaking the GDPR.
“All consumer information is deleted after the appointment is made or when the consumer cancels the service,” Mr Danton said, denying that his approach breaks the GDPR.
“If I say that to you I’ll have 100 competitors tomorrow. My business is handmade appointments for people who register on my website. Basically, they’re paying for our time to stay in front of the computer to make the appointment for them, Mr Danton continued, without revealing specifics on his data processing methods.
Ireland’s Department of Justice has said that it knows about the heavy delays in the official appointment system, and has encouraged immigrants to avoid submitting their personal details to “unregulated agents.”
A Department of Justice spokesperson said:
“We ask that customers bear with us and we continue to encourage all customers to make their appointments using the INIS online appointment system.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/