Many concerned parties have criticised the Irish Department of Employment Affairs and Social Protection’s decision to monitor social media sites.
Whoever obtains the right for the contract will have the right to monitor certain keywords across multiple social media websites, and will report back to the department via email or digests.
The company responsible for the tender will monitor up to 6500 articles a month, with an estimated 4500 of those being from print media and the remaining 2000 from digital.
Several advocates for privacy have already expressed their concerns, as the contract does not stipulate what the monitoring will emcompass.
Digital Rights Ireland has questioned whether this level of monitoring is legal, while the Irish Council for Civil Liberties said that it could have a “chilling effect” in regards to how people express themselves online.
Elizabeth Farries from the Irish Council of Civil Liberties worried that “There is no indication that the Department intends to anonymise the details they collect. If not, they must comply with the GDPR which by default requires that only personal data necessary for a specific purpose be collected, processed, and stored.”
The sentiments were reaffirmed by a solicitor for Digital Rights Ireland and director of Data Compliance Europe, Simon McGarr, who highlighted that article 35 of the GDPR states the department is legally obliged to conduct a ‘data protection impact assessment’.
"If the impact assessment found that monitoring was appropriate what was the basis that this was not captured under article 9.1, which prohibits the processing of data revealing political opinions?" McGarr said, speaking to TheJournal.ie.
The department responded to the questions, saying that the tender was proposed due to social media becoming a place where economic and social problems were expressed first.
The spokesperson added that “should the pepartment elect to appoint a provider of a social media monitoring service in future, the service would be fully compliant with applicable data protection, privacy and GDPR obligations,” following concerns that the reports would not anonymise the data collected.