The Dispatch – May 21/22: Stalker’s Paradise

Georgia’s Big Personal Data Protection Problem – State Inspector Rules on MP’s Phone Number Bullying – Patriarchate Checks Raise Health Data Confidentiality Questions – Public Defender Denied Access to Church-Run Foster Home

In Georgia, where everyday struggles mostly focus on political or physical survival, protection of personal data is not yet taken very seriously. The latest news cycle tends to suggest it should be. Here is Nini, your operator, with relevant updates from Georgia.

The Dispatch is our regular newsletter. Subscribe and find us on Twitter: @DispatchCivil  

*** Do you know that Civil.ge team has been running a Facebook-based project, that molds the language of the late 19th century Georgian newspapers to tell the news of Europe? Readers have been flocking to read about the European affairs translated from the original sources and delivered with an engaging twist. 117 thousand views in the past 28 days, 34 thousand engagements. We are doing something right. Come to check it (in Georgian) out on Facebook @EuropeHerald ***

Georgia’s Big Personal Data Problem

In a small, tightly populated country with a chatty climate, one does not need detective skills to find out a phone number or address to, say, approach one’s romantic interest – who, the chances are high, may also not pick “the issue” with some harmless stalking. Or your friends and relatives may get a little upset if you ask them to “ask first” before publicly sharing your pictures and other sensitive information.

This makes the prominent story of a Wolt courier less surprising. The courier, despite being warned by the employer, used the protected personal number to send a complimentary text to the client he fancied – after the delivery. The client, a young woman, “dared” to spread that unwanted message on social media, thus sparking one of the most heated online debates of the past months. To some, the debate taught a lesson about the degree to which personal data is vulnerable. The others refused to see the problem, slamming the client for “making the issue out of nothing”.

Another example of widespread disregard for privacy is a popular mobile numbers app that allows its user to identify the owners of an unknown mobile number by accessing contact lists of other app users and showing the names under which they have saved the number. Despite the warnings by the State Inspector’s Office, a body tasked with overseeing and developing personal data protection standards, the demand for the app was apparently so high that it started charging the users.

Vital governance reforms over the past years may have increased transparency and accountability, but sometimes at the expense of personal data precautions: no hacking skills are needed to access birth dates, addresses, and other personal information for someone with some googling skills and knowledge of several key online – often state-managed – databases. The developments described below illustrate further vulnerabilities.

PERSONAL IS POLITICAL? The State Inspector’s Office has been studying the bizarre incident that unfolded during the parliamentary session in February.  Tea Tsulukiani, who was an MP then and is the Minister of Culture now, announced the mobile number of Nika Gvaramia, head of opposition-leaning Mtavari Arkhi TV on the parliament floor, in a sort of a bullying act. Gvaramia soon complained he was inundated by thousands of calls and SMS texts the next day. Two journalists – Eliso Kiladze and Nanuka Zhorzholiani – responded to Tsulukiani’s move by making her number public, too.

WRONG, BUT NOT WRONG ENOUGH Now the ruling is out: the Inspector refrained from sanctioning any of the “suspects” – citing MP immunity and journalists’ freedom of expression which take precedence over personal data concerns in these particular cases. In wisdom befitting King Solomon, the agency still disapproves of these controversial acts but is leaving it up to the “self-regulatory” bodies in Parliament and media to address the associated human rights concerns.

KNOWING WHERE IT HURTS The Inspector’s office now has more time to study another, no less controversial issue: Georgian journalists were taken aback after some were denied access to the May 19 press briefing in Georgian Orthodox Church Patriarchate. The Patriarchate said they checked the journalists’ ID numbers against the COVID-19 infections records, as a precaution. The journalists wondered how that was possible, and Patriarchate’s spokesperson Andria Jagmaidze explained that they had access through the hospital which is ran by the Patriarchate. The facts still need to be checked – some journalists suspect that this was just a pretext to exclude unwanted eyes – but simply the fact that the men of the frock would consider access to such data as something normal, is alarming in itself.

EASY LEAKS Paata Imnadze, Deputy Head of National Centre for Disease Control (NCDC), denied the Patriarchate  had access to health data that is, according to him, “very confidential.” This did not calm down the journalists – they worry some doctors who have access might find it hard to refuse their spiritual guides.

SYSTEMIC NEGLECT To further illustrate the problem: the 2020 study by the Innovations and Reforms Center, a Georgian watchdog, says that many public or private offices so far failed to properly internalize the importance of personal data protection. While the Law on Protection of Personal Data has been introduced in 2012, the report says that even the best performers in this regard limit themselves to superficial and pro forma handling of the sensitive information. Among many identified flaws, findings also point at the absence of a systemic approach to personal data protection in the Ministries of Health or Internal Affairs, noting that data processing-related risks have not been studied in the key databases, including the electronic system of health records.

…AND WRONG PRIVACY Still, the church seems to know how to lock down access to sensitive information when it needs to – and where it is the least justifiable. The representatives of the Georgian Public Defender have been repeatedly denied access to the children’s care home run by the Georgian Orthodox Church in Ninotsminda, Samtskhe-Javakheti region, which is reportedly sheltering 56 minors. The bishop in charge cited Public Defender’s support for LGBTQ+ issues as a justification for the refusal to allow monitoring. The interim measure triggered by the UN Committee on the Rights of the Child in May to enforce the inspection proved inefficient, as the police – so far – fails to ensure access. As children’s rights concerns grow, the Public Defender says relevant tstate institutions also failed to timely and effectively communicate on the matter.

That’s the full lid for today. Celebrate the bizarre and the curious in Georgia’s politics with us every Monday, Wednesday, and Friday!