Mary Fitzpatrick (Fianna Fail) | Oireachtas source

For the purposes of the secretariat, I am in Leinster House. I thank all the witnesses for attending today. We have had a number of sessions. We are conducting a very important piece of pre-legislative scrutiny. There is a commitment in the programme for Government to establish an electoral commission. It has been talked about for years and we very much hope to get this piece of work completed swiftly and to have an independent electoral commission in place as soon as possible.

I will focus on two key areas: the use of the electoral register and political advertising. I thank the witnesses for their statements. I understand from them that Sinn Féin is the only party that operates a centralised database and combines that database with online political advertising. I heard what Deputy Ó Broin said. It is a cloud-based database. I guess it is hosted on servers internationally in the US, Germany, Bosnia and Northern Ireland. My understanding is the database contains information about constituents from the electoral register and from the party's constituencies. I guess the party has 50 offices that serve the 37 Deputies, their secretaries and what I guess are a few hundred councillors. As I understand it, from what Deputy Ó Broin said, all those Deputies, councillors and volunteers contribute to the database, which also contains the electoral register. While I accept Deputy Ó Broin is saying it is secure, many people have a lot of access to information about an awful lot of people if the database contains information on up to three million voters. As I understand it, the database would be characterised by having information such as voters' names and addresses, the people with whom they live and their friends and families. If somebody was to go to a local councillor such as Séamas McGrattan in Cabra or Larry O'Toole, he or she might also give his or her PPS number, phone number, email address or the status of his or her employment if it was a housing issue. That is an awful lot of information - very personal information.

The security of it is very important not just for those individuals but also for our democracy when you combine it with the power of the microtargeting that can be done on platforms like Facebook. I see from Sinn Féin's Facebook ad profile that it has 17 advertising managers based in the US, Germany, Serbia and Ireland. I presume those 17 Facebook managers, combined with all of Sinn Féin's Deputies, councillors and volunteers who have access to the database, have access to and are managing all of those data and from there, creating custom audiences. This involves microtargeting similar to what was used in the Brexit campaign in the UK and, more recently, in the US presidential election. Sinn Féin has an ad running this week where Mary Lou McDonald invites people to join her on a Zoom call to talk about housing. Does Sinn Féin use that microtargeting in the database to do that?

If that is the case, the challenge is to understand if people are comfortable with that, if it is good for our democracy and how it will impact on our democracy going forward. Deputy Ó Broin is correct that it is not just Sinn Féin that has access to this; other parties also have access to it. I heard Deputy McDonald say that up until recently Sinn Féin did not have a data protection officer, which is a requirement under GDPR. It also only recently provided a privacy statement on its website, which is also a legal requirement under GDPR. Did Sinn Féin undertake a data protection impact assessment before uploading the electoral register and merging that data with the information its constituents provide to local representatives? They are all legal requirements.

My final question relates to Facebook. Its terms and conditions require every user of its customer audience function to have a lawful basis for creating those audiences and microtargetting. Has Sinn Féin complied with that requirement? If the other three requirements - a data protection officer, a privacy statement and a data protection impact assessment - were not met, how can Sinn Féin comply with Facebook's terms and conditions? Perhaps, it has done that by deleting the database and the custom audiences. If so, I would like to hear about that. We need to address this issue going forward in the electoral commission legislation.