simon-brooke / youyesyet

Web-app to support canvassers in the forthcoming independence referendum in Scotland
GNU General Public License v2.0

GDPR #45

Open simon-brooke opened 6 years ago

simon-brooke commented 6 years ago

Consider how GDPR impacts on this project.

JacMcNeil commented 6 years ago

This is going to be something of a nightmare, as we discussed, as we need a method with which to show absolute proof that the subject - not the app user - gives explicit consent themselves; otherwise we leave ourselves open to both claims of misuse and actual possible misuse. Ideally, a signature like you sign packages for would be perfect but unworkable. I'll speak to some people.

simon-brooke commented 6 years ago

We certainly need to have a discussion document on this, and the people who actually decide how to use the technology are going to need to have a policy. As technologists, our job is to enable as many policy options as possible.

Best place to stick a discussion document is on the wiki. But I think we also need to find out whether there's someone in the #Yes community who will give us qualified but for-free legal advice on this!

As I see it there are several issues:

Social/practical: if the method is too intrusive on the doorstep, people are going to say 'no'.

Technical: if the method requires upload of too much data, it's going to hit our volunteer canvassers' mobile phone bills, slow down comms, and cost us money to store.

So I don't think asking people to sign anything is going to work (but I could be wrong there and it might be worth user trialling).

Voice recording is probably possible, but uploading and archiving sound files for each visit is going to be significant.

simon-brooke commented 6 years ago

Further thought on getting electors to actually sign on the doorstep:

There is a signature panel widget we could use: https://github.com/szimek/signature_pad

Touchscreen styluses which work with ordinary mobile phones are remarkably cheap: https://www.amazon.co.uk/Original-Universal-Capacitive-Touchscreen-Blackberry/dp/B00EZ08MAQ

simon-brooke commented 6 years ago

In discussion, it's probably OK to store voter intention data against the locality (i.e. half-kilometer square box) even if the individual voter doesn't consent to have it stored against them personally. See #53

imacdonald commented 6 years ago

A possible alternative would be to get the respondent to enter their own email address, which in itself would prove consent. Plus it would open a communication channel.

simon-brooke commented 6 years ago

How could you prove they did it?

On 25 June 2018 at 16:00, imacdonald notifications@github.com wrote:

> A possible alternative would be to get the respondent to enter their own email address, which in itself would prove consent. Plus it would open a communication channel.

imacdonald commented 6 years ago

At recorded date & time user gives their email address to recorded canvasser ('phone or doorstep). How else would the canvasser know it? If you wanted to be watertight a follow-up email could request confirmation. This would filter out typos (just as some website registrations do now).

simon-brooke commented 6 years ago

OK, I'll buy that. And the confirmation email could have a link that says 'if you don't consent to us holding your data, delete it', which, if they select it, will unlink the voter intention from their personal record (but leave it linked to their locality). Does everyone agree that works?

On 25 June 2018 at 18:12, imacdonald notifications@github.com wrote:

> At recorded date & time user gives their email address to recorded canvasser ('phone or doorstep). How else would the canvasser know it? If you wanted to be watertight a follow-up email could request confirmation. This would filter out typos (just as some website registrations do now).

imacdonald commented 6 years ago

I still think date & time plus email address is the consent and performs the job of being a record of such. I typically find when sending out confirmation emails that 20-25% of people don't respond due to mails going into spam folders or people meaning to do it later.

Capturing signatures might be feasible now, more than in the past, because people are used to the postie or courier companies requesting them.

The user objective of the canvassing is the consideration. Do they want to physically come back to the doorstep? Telephone people to "get out the vote"? Send people emails over the coming months prior to the referendum? You need to answer these (kind of) questions to request the proper consent and collect the right data.

simon-brooke commented 6 years ago

We ideally do want to be able to do a 'knock-up' of electors on polling day.

However, if we know, for example, that a particular locality leans heavily our way, a knock up of every elector in that locality is still valuable.

On 25 June 2018 at 22:38, imacdonald notifications@github.com wrote:

> I still think date & time plus email address is the consent and performs the job of being a record of such. I typically find when sending out confirmation emails that 20-25% of people don't respond due to mails going into spam folders or people meaning to do it later.
>
> Capturing signatures might be feasible now, more than in the past, because people are used to the postie or courier companies requesting them.
>
> The user objective of the canvassing is the consideration. Do they want to physically come back to the doorstep? Telephone people to "get out the vote"? Send people emails over the coming months prior to the referendum? You need to answer these (kind of) questions to request the proper consent and collect the right data.

imacdonald commented 6 years ago

My understanding of the GDPR consent is that it must be both specific and explicit. The nature of the activities will be determined by the user (e.g. RIC) but that has to be reflected in the app. So, assuming the user wants to GOTV, send emails, telephone. Then the app might need to have something like the following.

Yes, I would like to have:

[ ] Someone come to my house to remind me to vote
[ ] Occasional emails from the campaign
[ ] Telephone calls asking me my opinion

Name ____
Signature ____ or confirm by email
Email ____
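
Added example, not part of the thread or the project's own code: a sketch of the flow the comments converge on, with a per-purpose consent record stamped with canvasser and time, a confirmation email carrying "confirm" and "delete" links, and deletion that unlinks the voter intention from the person while leaving it against the locality. The store layout, field names, purpose labels, `SECRET` and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent out
PURPOSES = {"doorstep_reminder", "email", "telephone"}  # the three tick boxes

@dataclass
class Intention:
    locality: str                 # half-kilometre square identifier
    option: str
    elector_id: Optional[int]     # None once unlinked from the person

@dataclass
class Consent:
    email: str
    purposes: frozenset
    canvasser: str
    recorded_at: str              # date and time the address was given
    confirmed: bool = False

def link_token(elector_id, action):
    # MAC binds the link to one elector and one action, so it cannot be forged.
    msg = f"{elector_id}:{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def record_consent(store, elector_id, email, purposes, canvasser, recorded_at):
    if not purposes or set(purposes) - PURPOSES:
        raise ValueError("consent must name at least one known purpose")
    store["consents"][elector_id] = Consent(email, frozenset(purposes), canvasser, recorded_at)
    return {a: link_token(elector_id, a) for a in ("confirm", "delete")}

def handle_link(store, elector_id, action, token):
    expected = link_token(elector_id, action)
    if action not in ("confirm", "delete") or not hmac.compare_digest(token, expected):
        return False
    if action == "confirm":
        if elector_id not in store["consents"]:
            return False
        store["consents"][elector_id].confirmed = True
    else:
        store["consents"].pop(elector_id, None)
        for intention in store["intentions"]:
            if intention.elector_id == elector_id:
                intention.elector_id = None   # the locality link is kept
    return True

def may_contact(store, elector_id, purpose, require_confirmed=False):
    c = store["consents"].get(elector_id)
    return c is not None and purpose in c.purposes and (c.confirmed or not require_confirmed)
```

Whether an unconfirmed record counts as consent is left as the `require_confirmed` policy switch, since the thread does not settle that point.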