Privacy 101 - Why do we apply privacy to public figures.

Question

I have just raised a question concerning privacy afforded to living people who are famous, very public, notable people.  My interest is in the Zimbabwean dictator, Robert Mugabe, now deposed by coup d’etat and enjoying his billions.  I wish to link Catholic Archbishop of Harare, the late Patrick Chakaipa, a close friend of Mugabe to the Mugabe profile...

The imposition of absolute privacy given to a public figure whose biography and antecedents can be found easily in the public domain seems a little odd to me.  What purpose does hiding this man serve?

Comments

Please don’t throw GDPR at me in answering this question... Wikipedia doesn’t seem to care

https://en.m.wikipedia.org/wiki/Robert_Mugabe

---

I think this is about the interpretation of GDPR. Wikipedia simply choses a more measured and common-sense response.

---

Data is much more dangerous in a database than in a book.  As we saw with the Facebook scandal, it's not just about what they can find out, if they start with your name and go looking.  It's about what lists your name might come up on, when they search by criteria.

Google doesn't know you from Adam and has no interest in you at all.  And yet, it makes money from commercial exploitation of your search history, and it isn't only shoe retailers who could use that data.

---

The entire reason for GDPR is to prevent unscrupulous data sharing by companies and other entities who strive to make money out of your private data.   The crux of GDPR is that if you ask customers for personal private data, you may not share it, willy nillie without the customers full consent to do so... full stop.

In my one business, collecting data, requires that the banks and providers of credit MUST obtain the consent of their customers, to pass the information they acquire onto a credit bureau.  If they pass on information of an adverse nature, without the permissions of their customers, then not only are they in breach of GDPR and similar national regulations, they may also find themselves in the dock for libel (or as we term it defamation).   

WikiTree is not making money out of publishing data volunteered by its membership.  If it were, then it would be seriously in breach of GDPR as it pertains to EU citizens.  I have opined a different view, for point of discussion, and that is whether publication, which is what WikiTree does, of  the data its members have volunteered (i.e. consented to) would in anyway be in breach.  Clearly it is not, because Wikitree still functions.

Now to the question of a public person.   I can see no reference in GDPR concerning the publication of information generally in the public domain about a living person.   This is an entirely different concept and I argue that it is outside the domain of GDPR.   That is why, in the case of Robert Mugabe, you can find much reference to him in newspapers, books and on the internet.  Whether its a book or an internet site, it is still data!   Wiki tree would not be sending data streams to a third party for purposes of marketing or some other nefarious activity.

The only concern we would have in publishing Robert Mugabe's profile would be that it is in no way defamatory.  WikiTree would need to have a due diligence process and before that we would need to clearly define what constitutes a public person.   I just simply cannot see that there would be any breach by WikiTree of the GDPR regulations...  Robert is a Zimbabwean citizen, not an EU citizen.

---

Just a quick follow up on this thread.   I have communicated with local EU Emissary, requesting a better understanding of the position on public people, where there is full disclosure in the public domain, and yes, you guess right, I have not had the courtesy of a reply! Perhaps I am not worthy!

Answer 1

I won't throw GDPR at you.   I will say that WikiTree is run by Chris Whitten and these kinds of rules are made not by the community, but, by Mr. Whitten.   Please see https://www.wikitree.com/g2g/601685/significant-privacy-related-changes-to-wikitree-for-gdpr?show=601685#q601685   to understand his reasoning.    

I am with you on this subject as you can see by this discussion almost a year ago.   https://www.wikitree.com/g2g/625560/gdpr-and-famous-people?show=625560#q625560   

Comments

I won't throw GDPR at you.   I will say that WikiTree is run by Chris Whitten and these kinds of rules are made not by the community, but, by Mr. Whitten. 

This isn't a very fair statement. This makes it seem like Chris just dreams up these changes and pushes them on the site for the fun of it.

---

Thanks Robin... I can understand the precautions and the need for privacy of private people.  I know the GDPR argument and in my interpretation it applies to private people and I support the measure taken.   However, people who have chosen to pursue a fully transparent public life, with full disclosure and information already in the public domain, would seem not to be under the purview of GDPR.  This is why organisations like Wikipedia continue to publish.   

GDPR concerns itself with the non-disclosure of personal data and sensitive personal data which is officially obtained by companies and other organizations in the pursuance of their business.  Social media accounts, where sensitive information is volunteered come under the purview of GDRP.  Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person.  It does not, in my interpretation relate to information obtained through research which is published in the public domain.  

In the matter of Robert Mugabe, and many other famous people, I wonder if WikiTree has sought clarity with the European Union on public domain information.   There is absolutely nothing, information wise, which is sacrosanct once it has been in the public domain.  GDPR seeks to prevent information (officially obtained) getting into the public domain.

The ancestry perspective in Mugabe's case should not be an issue going back, since they have all perished.  Obviously and without exception his second spouse, still living, and children are due their privacy up until the point they predecease the old man.  But they too have allowed publication in the public domain.

Newspapers around the world still continue to publish information about living people, their crimes, their achievements, and a miscellany of information such as births and death notices, marriages etc.  

I have seen previous posts... I just believe its healthy to revisit these issues every now an again.   We all have a vested interest in the success of WikiTree, and we do not wish to see if facing litigation challenges.  WikiTree could seek learned opinion to prevent such challenges.

---

Hi Andrew,  understand and agree....take a look at https://www.wikitree.com/wiki/Help:Developing_New_Rules

Maybe you can put together a proposal.   I think the issue is how to define "public figure" from all other living people.   If you can propose a methodology for determination of which profiles should be Public, I will help support your proposal.

---

I’ll give this some thought Robin...  Thanks for the link...

---

I have written to the EU GDPR organisation, via my local EU Delegation, seeking opinion.  WikiTree shall not be named or referred to.  Let’s await an outcome...  I think enough said for now.

Answer 2

The truth is, you have to throw GDPR into it. The only reason this change was made is to help with privacy concerns driven by the GDPR. This isn't something anyone wanted, but it is a dedicated move and a necessary change to protect the website and our shared investment

Yes, Wikipedia may have ways around it, but they do that through heavy editing and monitoring efforts. I can name quite a few notable figures who are 100% open to the their Bio's being in the public spotlight, but do not want their ancestry (parents, siblings, grandparents, etc.) published, and we have no way of doing that currently.

Comments

And there are mitigating circumstances that make it much more challenging for a site that is primarily run by volunteers and essentially does not have large legal funds to manage a full-scale case against something like the GDPR. So while other sites may opt to ignore the letter of the law in continuing to publish information that has the potential to become the first case to be tried in this area, WikiTree has chosen to take the route of allowing them to try the law first and not be in the spotlight as it relates to legal issues. Should clarification or otherwise legal precedence be established that would allow profiles to be opened up again, I am certain that I'd be one of the first in line to open them up. But until the law has been proven with actual casework, I suspect it will remain this way.

---

Steve, Thanks... I have answered with a comment in the previous answer.

Answer 3

Andrew the answer is that the people that run WikiTree decided to make the privacy level unlisted for ALL living people after the GDPR was enacted. Wikipedia is run by different people and their policies have no bearing on the policies of WikiTree so you may not like these answers but they are the truth.

Comments

We need to grasp the concept... there is a huge difference between protecting the private data which has been obtained as part of dealing with an authority, company, or other organisation, and publish something which is already in the public domain, carefully quoting the sources of that information.   Think about that.

---

Andrew I do not make the rules on WikiTree but you need to grasp the concept that the rule in this case is in place to protect the work we have been doing for over a decade so far now.

---

The old adage that rules are made to be broken comes to mind 

No, seriously, rules can be amended and changed... they are not set in stone...  One of my businesses deals in private personal information of a sensitive nature, and we are well aware of data protection regulations in Southern Africa for good reason.  

It’s a credit bureau, and we deal with matters like civil judgements and the like... millions of bad deb records and all.  Is this pertinent?  Yes...  Because I believe we here at WikiTree are mixing concepts between private data protection and publishing what is already in the public domain.  While it would be prohibited for me to publish personal private information collected by providers of credit for purpose of search on our bureau, I am at liberty to publish information on the creditor pertaining to what has been lodged in the public domain i.e. Court Judgements. It might seem a thin line between concepts, but in actual fact they are poles apart.

I can understand risk management by WikiTree and protection of our work. That is to be respected.  It has been suggested that perhaps I write a paper, but before I do, I would like to do far more research.  In actual fact, we do make the rules here and all it needs is a sensible proposal.

Answer 4

GDPR was the reason for the change.  We don't need a lawsuit to eat the small funds generated by advertising, which go towards running the site.  

GDPR still had to get enacted by each individual member country, which adds another hurdle to the issue.  It is a general directive, but has no force of law until each coutry makes their own law.  And I bet they will not all be identical.  Once they have done so the exact applicability of their legislation as regards public figures could be looked at.  Until then, holding pattern.

Nothing stops you from doing the bio of Robert Mugabe, or linking to it, other than the privacy level if you are not among its managers.  

He is not the only public figure affected by this by a long shot.  There was a G2G question in Canada for relationship to our current prime minister.  A distant cousin of mine.  That game got curtailed by this change, although one can still find it by doing the calculation using his father, who was also a prime minister.

Comments

Thanks Danielle... it simply needs review... I am hopeful that we may discover a conflict of concept with this matter.  I think I am right it my points raised above.

Answer 5

There is a point many people on the American side of the Ocean don't know about. When I, as a German citizen living in the European Union, want to find out some stuff e.g. about one of my distant, living relatives who is in the Minnesota State House of Representatives, there are newspapers that block me. "We detect you live in the EU and because of current rules (GDPR) we cannot allow you to read the article you want to read because it contains informations about a living person." And now? Ok, I could use a VPN, but actually this is the second when I start swearing on GDPR. So it's not only people outside of the EU who seemingly have to live with limitations because of GDPR, it's also Europeans.

About Wikitree unlisting living persons. I don't agree with this decision also, but I understand that Chris simply wants to protect Wikitree to get in lawsuits at all. And in that case unlisting is the best method to do so. 

Comments

Jelena, Thanks for your comment...  Of course I have to pour scorn on that newspaper that barred you.  If ever there was a more ludicrous application of GDPR, then that Newspaper takes the cake. It just goes to show that there may be massive misinterpretation about GDPR.   No newspaper worth its salt would publish any thing about a living person and then deny a readership access!  Besides, how were they to know the person was still alive, to make the denial?   An interesting point raised though... an something I might put to the EU representative I am put in contact with to address these issues.

---

This article was about a current member of the Minnesota House of Representatives and they know he is still alive.

---

They may have done that out of ignorance, or may have actually been applying other laws and giving you the run-around on the actual reason.  Often I have tried to view things on YouTube or such and gotten the notice that I could not see it because it was not released in my country (Canada), and the question involved was one of copyright, not GDPR.

---

They named clearly the GDPR in their statement why I couldn't read the article. I may have not cited the exact wording out of my memory, but the sense was this what I said above. There was nothing said about copyright.

---

If they really think that's what GDPR says, they have completely the wrong end of the stick.

---

Jelena, I appreciate your perspective. I am terribly grieved that you must suffer because of GDPR. I don't know why people in the EU are not rising up against it. From my standpoint, I wish that every US-based web site would ban access in the EU because of GDPR. Perhaps that would get the attention of the EU and create a groundswell for revision or repeal of that vile law. 

---

I often read US News sites as well as those from Europe and have not seen that particular  message.It does sound like an excuse or misunderstanding of the nature of the legislation.

I do not see the law as a vile law. In fact I'm very happy with it. The most noticeable change  introduced by  GDPR allows me to opt out of cookies whose purpose  is to merely to agglomerate info about me  i.e the numerous personalisation and advertising tracking cookies.https://eugdprcompliant.com/cookies-consent-gdpr/ It's been an eye opener to see just how many of these that there are.

 Ive found that non EU sites behave in different ways.

 Some are fully compliant in that  they present you with an opt out screen . On both sides of the Atlantic, there are some sites that  make it onerous. You have to switch off each cookie individually and travel through many screens to switch them off. Obviously they think if they make it a hassle you won't bother .Others , I think the majority of major sites, present each type of cookies in a batch with a simple toggle on off switch.

A few US sites refuse to show you the site if you wish to opt out of receiving cookies. Obviously by refusing I am denying their revenue stream.  I haven't  come aross many like this and am happy to avoid sites whose content is driven by advertising. A couple of major newspapers do limit what you can see if you opt out of all cookies (in amount rather than type of content)  One major newspaper limits the number of visits but  offers a cookie free version with a very low cost subscription.

A few sites detect that you are from the EU and refuse to allow you to visit.  There were quite a few of these at the start but I don't see many now. Those that remain are probably those that receive few European visitors. Adding cookie opt out software would be in their eyes an unecessary expense.

---

Helen, I *usually* also don't see this message. But there is at least one Minnesota based newspaper that had this message. And as I said above they think they have to block me because of GDPR and the infos I could "collect" about a living person. (This is now more my wording than theirs.) I also opt out of every unnecessary cookie sites want to have and additionally I have put my browser settings to "don't allow third party cookies", so even when I give up because of zillions of companies who collect, they mostly don't get anything.

---

It's of little impact for WikiTree, but it's because of comments like Bill's that I privatized as many family profiles as I could (all those born after 1869). I want them deleted if I am asked to close my account (and they are of no interest to Americans anyway). I stopped adding family pictures and removed most of those that were there for the same reason.

An the reason why I don't rise up against GDPR is because, as stated by Andrew Field elsewhere, its aim is to protect me against unscrupulous data sharing by companies and other entities who strive to make money out of our private data. 

Like Jelena and for the same reason, I have been refused access to some online articles because of being based in the EU. I agree with Helen's analysis of the problem.

---

Wow Jelena, thank you for your personal experience and insight from in Europe. Disappointing and unfortunate, but very good to be aware of and understand!