It’s been five months since the GDPR rules came into effect, and while the idea was a good one, the rules themselves are at times ill-defined and open to interpretation, and left a lot of people very confused. This weekend I learned that even the UK Government themselves can’t quite get it right.
My wife and I have just moved house, and one of the many tedious tasks that goes along with a move in the UK is updating your address on the electoral register, so that we can still vote in any upcoming elections. In the UK we have two voter registers: the electoral register, and the open register (also known as the edited register).
The electoral register lists the names and addresses of everyone who is registered to vote. This register is used for electoral purposes, and is not available to the public in any form.
The open register is an subset of the electoral register that is not used for elections. The open register can be purchased by any person, company or organisation. Of course, being included on the open register is entirely optional, and most people I’ve spoken to choose not to be included.
So anyway, over the weekend when I was updating our addresses on the electoral register, I was presented with this page:
As you can see, although the check box for the open register is unchecked by default, you actually have to check it to opt out of the open register. And according the the UK’s Information Commissioner’s Office’s interpretation of GDPR:
Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
Judging by that description, this does seem to fall foul of GDPR. Of course I’m no expert, and maybe there’s some reason or special exemption that makes this ok, but I’ve contacted the UK government to make sure they’re at least aware of it all the same.
This also makes me wonder how many people have accidentally left themselves on the open register, only to receive a shit-ton of junk mail because of it.