AUR - suspected of breaching the confidentiality of personal data

English Section / 23 august 2023

AUR - suspected of breaching the confidentiality of personal data

Versiunea în limba română

The Alliance for the Union of Romanians (AUR), the political formation whose president is George Simion, risks a maximum fine of 20 million euros because the mobile application used by the party would have publicly exposed the personal data of its 20,000 users. Government sources told the media that the National Supervisory Authority for the Processing of Personal Data (ANSPDCP) self-reported in the respective case, because the users' personal data (CNP, bulletin series and number, telephone, full address, email address , contributions paid to AUR) remain stored even if the application is deleted from the phone.

According to the law, the AUR was required to notify the ANSPDCP within 72 hours of the security breach, which the party failed to do. Following the investigation carried out by ANSPDCP, it will be established whether the party is guilty of this situation, in which case the sanctions could be extremely harsh.

Article 83 para. (5) of the GDPR Regulation provides:

"For violations of the following provisions, in accordance with paragraph (2), administrative fines of up to 20,000,000 euros or, in the case of an enterprise, up to 4% of the total annual worldwide turnover corresponding to the previous financial year, taking - the highest value is calculated:

a) the basic principles for processing, including conditions regarding consent, in accordance with articles 5, 6, 7 and 9;

b) the rights of data subjects in accordance with articles 12-22;

c) transfers of personal data to a recipient in a third country or an international organization, in accordance with articles 44-49;

d) any obligations under the national legislation adopted under Chapter IX;

e) failure to comply with an order or a temporary or definitive limitation on processing, or suspension of data flows, issued by the supervisory authority pursuant to Article 58 paragraph (2), or failure to grant access, in violation of Article 58 paragraph (1)."

Since with regard to political parties it is not possible to talk about the turnover, a possible fine will be established directly in the amount of money, with reference to the maximum threshold of 20 million euros.

The Alliance for the Union of Romanians decided to temporarily suspend the operation of the application until the identified problems are fixed.

"Due to a security breach faced by the AUR Platform, the Alliance for the Union of Romanians has decided to temporarily suspend the operation of the application until the identified problems are fixed. The company that made the platform confirmed the existence of a security breach that appeared as a result of a software update. In order to quickly remove an imperfection in our application and provide our users with a more secure solution, we will suspend the operation of the application for users to conduct all security tests and make sure that there are no more similar breaches," according to a press release , transmitted by the political formation.

The operation of the application is suspended for 24 hours.

"It is the destiny of every IT project to become stable and secure only after repeated trials and especially after a period in which it works in real mode. We were very enthusiastic at the beginning, now we are much more careful and monitor the safety parameters of our application in real time. We assure all users of the application that we have made this innovative project with the best intentions and with the sincere desire to remove any barrier between them and the party structures. We will continue to develop web tools that will allow Romanians to send us their opinions and suggestions in real time, in order to be able to permanently harmonize the party's political strategy with the wishes and visions of the people we work for," the cited document also states.

We note that, according to Libertatea newspaper, after installing the AUR application,

supporters had to set up a profile as a party supporter and thus provide personal information such as name, phone number, location and zip code of home or residence, adding a photo was an optional option.

That application was, as the cited source shows, also a source of income for the political formation whose head is George Simion. Thus, users of the AUR app were invited to purchase different packages. A standard package cost 100 lei and included a 10% discount at AUR stores, an organized tour of the Parliament and a tricolor. The silver package costs 1,500 lei. Included in this package are free books, a 15% discount at AUR stores, an organized tour of the Parliament, a tricolor and a t-shirt. The GOLD package costs 5,000 lei. This is metal, offers 20% off at GOLD stores, everything the lower packs contain, a badge, access at AUR conferences and events and a one-on-one with George Simion.

Contacted by the quoted source, George Simion said that by the end of June, more than 3,000 people had bought these packages from the app: 2,893 standard packages, 98 silver and 217 gold packages. In less than two weeks, since the application was launched, the party collected over one million lei.