The Data Protection Agency (DPA) has begun discussions with the Electoral Commission (EC) on how to ensure transparency and fairness in the handling of the personal data of registered voters.
The Director-General of the DPA, Ms Patricia Adusei-Poku, who disclosed this in an interview with the Daily Graphic, said the move was to establish the extent of voter information the EC could publish.
The engagement would also help to earmark information that could be shared publicly without infringing on privacy and confidentiality as the country’s laws permitted.
The move by the DPA follows public concerns over the EC’s decision to publish the full 2020 voters register in the Cloud, an Internet database, with links on its website, ahead of the December 7 polls.
Some members of the public have expressed concern over the potential insecurity the publication of voters’ details could entail.
The commission has declined to comment on the issue.
Legality versus privacy
Ms Adusei-Poku told the Daily Graphic that although the EC might have legal backing to publish the voters register, there was the need to consider individuals’ right to privacy in doing so.
“I assume that the EC has an enabling law that allows it to work in certain ways, possibly publishing the electoral register. Many countries have their electoral registers published, so it is not unusual.
“However, beyond the delivery of the legal mandate, even if there is a law that allows you to do what you have done, you should look at other ways of improving transparency and fairness in the processing of personal data,” she said.
She said the two bodies would collaborate and work together to avert any genuine concerns, instead of operating in silos.
“The situation where we work in silos and just focus on our mandate should be looked at. We need to take into account other complementary and relevant laws in the delivery of our institutional mandate,” she said.
The Minister of Communications, Mrs Ursula Owusu-Ekuful, said on Metro TV’s Good Morning Ghana show that the ministry and its agencies, the DPA and the Cyber Security Centre, would work with the EC to ensure that the register would be published on the EC’s website in the appropriate form.
She said the register needed to be published in a form that would not expose the individuals whose data were captured onto it to serious privacy risks.
“It is a tussle between the right to apply the law by the EC and the privacy of the people, and so we need to look at which information should be put out and which should not,” she said.
EC must be lauded
A legal practitioner and Law lecturer at the University of Professional Studies, Accra (UPSA), Mr Albert Quashigah, told the Daily Graphic that there was nothing unlawful or wrong with the publication of the voters register on the EC’s website.
Instead of criticising the EC, he said, the electoral management body should be lauded for adding another layer of transparency to its work by publishing the register on its website.
He said the EC had always made the electoral register public and, therefore, its decision to add its website as another medium to make the register public deserved commendation.
“The EC is a public body performing a public function. In the performance of its function, it has the mandate to publish information concerning voters in a manner that allows people to check their details,” he said.
Mr Quashigah added that the details published by the EC were not too personal or incriminating that could allow excessive intrusion into people’s privacy, adding that even the constitutional right to privacy could be breached under certain circumstances.
“What the EC published shows only the names and ages of voters. We gave more information to the EC, such as parents’ names, residence, telephone numbers, etc. It is not as if people can get access to the other pieces of information when they click on the information published by the EC,” he said.
What the laws say
The Public Elections (Registration of Voters), Regulations, 2016 (C.I.91) gives the EC the legal mandate to publish the register in any manner that it deems fit.
Section 27 (3) of C.I. 91 stipulates that “after the register has been certified it shall be published in the manner determined by the commission and shall replace any existing voters register”.
Since the information released by the EC contains personal information, the Data Protection Act, 2012 (Act 843), which provides a safeguard on how such information ought to be used, has a bearing on the EC’s publication.
Per Section 18 of Act 843, a person who processes personal data must do so in a lawful and reasonable manner and also without infringing the privacy rights of the data subject.
Section 20 of Act 843 also allows the processing of personal data without the consent of the data subject in special circumstances, including if it is “necessary for the proper performance or necessary to pursue the legitimate interest of the data controller”.