After they asked for the PESEL (Polish national identity number) I just stopped filling the form. It's sensitive personal data, you don't want to give it unless it's necessar and you have complete trust for requesting party.
I understand your concerns and where you are coming from, but the privacy policy is refreshingly transparent, readable and clear: https://reclaimyourface.eu/privacy-policy/
Some key facts:
- "ECI signatories: your full first and last names, country of residence and date of signature. Depending on the signatory’s nationality, we will also collect a combination of the following data: residence (street, number, postal code, city, country), date of birth, national identity document type and national identity document number." This seems to indicate that the data requested is dependant on the country you live in. So blaming the organization is a bit unfair.
- "Your data will be stored by the group of organisers for a maximum retention period of one month after the submission of the initiative to the European Commission or 21 months after the beginning of the collection period, whichever is the earlier. It might be retained beyond these time limits in the case of administrative or legal proceedings, for a maximum of one month after the date of conclusion of these proceedings." They will remove your data whatever happens.
I've signed the petition and handed over my the equivalent of PESEL. I did that because I understand that if we want to enact change we have to be more than a signature on an online form, we have to be a living breathing person and not just another email-address in a database. They can sweep [email protected] under the rug rather easily but along with data that proves that I'm a citizen that becomes much harder to do.
I think this is an official petition, so, there are legal requirements to identify yourself as a citizen of an EU country.
Depending of your country they ask for different data. For instance, for Finland they ask the physical address but for Belgium only the national ID number. I suppose that there is not such number in Finland or it's illegal to ask for it.
There is a link in the form to the relevant regulation. So, the website looks legit. Of course, that doesn't mean that it's legit but my gut feeling it's that they are.
Yeah that’s really not OK. Though in some countries that number isn’t sensitive by itself, asking for it to sign a petition is incredibly creepy.
If you select Netherlands they’re at least informed enough to not ask for the Dutch equivalent, the BSN. It would be against the law for them to ask, process or store it.
How would you have an effective petition in the EU without verifying that petitioners are EU citizens? Then this petition would be reduced to a singular PR push.
Can't each country have a platform where you kind of validate it in kind of this way.
- Select the country, get redirected to the sovereign identity auth platform
- There you can log in/provide the details in the sovereign run platform.
- The sovereign run platform validates and sends out a unique anyonymized hash for the user which the platform can store to keep count.
This can be used for other validation purposes as well which are not limited to just petitions and the data returned by the platform can be scoped to the requester sort of like Oauth.
To make it even better for privacy, you can introduce the concept of an application identifier which will be unique for petition/form etc. The hash will be unique with the application identifier scope, so outside platforms can't correlate individual identity through multiple petitions.
You don’t need to ask for the social security number equivalent to verify citizenship. By itself it doesn’t help in that context since residents get one too.
If you try the form for different countries, in a lot of cases they don’t ask for that particular identifier, because they legally can’t, and ask for address information instead. That’s still a little creepy, but a whole lot less.
In some countries, like Poland, you don't have to have your address registered with the government. PESEL and your ID number are a sort of multi-factor authentication mechanism.
Residents in much of the EU get plenty of rights, including voting in local elections. So why not? They live there, and their biometrics are being collected too.
That’s interesting - I looked at what was required for my country of nationality and my country of residence, and neither asked for the national ID number. They still wanted the full street address, but no ID number.
Any idea why they would treat Poland differently? Austria, Belgium, Bulgaria all also seems to ask for a document number and not an address.
It depends on your country, some require personal information and some doesn't... For the latter you still have to provide your street address.
Check ANNEX III part A of EU regulation here: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=15733125...
From looking into it a bit, it looks like each country sets the requirements by themselves. In case of Finland, requirements are documented at least at https://dvv.fi/en/european-citizens-initiative ("The organisers must collect the family name, full first names, date of birth, country of permanent residence and nationality for Finnish citizens signing statements of support."). They seem to be also collecting full address when it's not required for Finnish citizens.
I guess it depends on how the petitions work in countries?
Where I'm from you never submit your national ID number (13 digit number given to each citizen once, never changes), but you do submit the "number" of your national ID (9 numbers and letters, changes when you move places or every 10 years, whichever comes first) when signing any petition.
This originates from what was at the time the least controversial part of the Patriot Act. If you want to be able to exchange cryptocurrencies to a Visa/Mastercard, the service needs your ID, regardless of where you're from.
I bought some crypto on one of the local_x sites and the guy made me write _by hand_ a letter about my ID being real. A "do you want the money or not" conversation ensued.
I prefer zero-dependency single file executables. Elegant and easy to comprehend. Docker only adds another layer of abstraction and its advantages are questionable.
