POLITICS & INSTITUTIONS - INSTITUTIONS

Technical error 

Data of 24,000 people leaked on parliament website



Luxembourg’s Chamber of Deputies confirmed the data leak on 5 August Photo: Maison Moderne

Luxembourg’s Chamber of Deputies confirmed the data leak on 5 August Photo: Maison Moderne

The personal information of more than 24,000 people who signed a public petition online was freely accessible online, the Chamber of Deputies has confirmed, saying the technical error has since been fixed. 

A user on 2 August reported the problem when looking up their own personal profile on the website. The names and places of residence of more than 24,000 petition signatories had been automatically made public. Users normally have to give consent for those details to be shared.

“The problem did not arise due to a malicious act of some sort but as a result of a technical error that was also resolved as soon as it was brought to our attention,” the parliament’s secretary general, Laurent Scheeck, told Delano.

“The user reported the error around 10am and in a matter of hours it was rectified,” he said, adding that this was the first incident of this kind on the chd.lu website. These data were not accessible at any point on the new petitiounen.lu website, which is the main tool for submitting, signing and consulting public petitions, the parliament clarified in a press release, adding that no other data type asides names and residences was involved and that plans are on the way to launch a new version of the chd.lu website between now and the end of next year. 

Public petitions that receive more than 4,500 signatures must be debated in parliament. When signing a petition, signatories can choose to make their data (name and place of residence) public or not.

The source of the glitch is being analysed, Scheeck said. The information could have been online since June, he said, however the exact dates when the technical error occurred will be subject to a detailed analysis.

Luxembourg's data protection watchdog, the CNDP, was notified following the  event. The national data protection agency recently imposed a fine of €746 million on Amazon for violations of EU privacy rule.

Updated on 6 August at 10am to specify how the information came to be online.