A user on 2 August reported the problem when looking up their own personal profile on the website. The names and places of residence of more than 24,000 petition signatories had been automatically made public. Users normally have to give consent for those details to be shared.

“The problem did not arise due to a malicious act of some sort but as a result of a technical error that was also resolved as soon as it was brought to our attention,” the parliament’s secretary general, Laurent Scheeck, told Delano.

“The user reported the error around 10am and in a matter of hours it was rectified,” he said, adding that this was the first incident of this kind on the chd.lu website. These data were not accessible at any point on the new petitiounen.lu website, which is the main tool for submitting, signing and consulting public petitions, the parliament clarified in a press release, adding that no other data type asides names and residences was involved and that plans are on the way to launch a new version of the chd.lu website between now and the end of next year. 

Public petitions that receive more than 4,500 signatures must be debated in parliament. When signing a petition, signatories can choose to make their data (name and place of residence) public or not.

The source of the glitch is being analysed, Scheeck said. The information could have been online since June, he said, however the exact dates when the technical error occurred will be subject to a detailed analysis.

Luxembourg's data protection watchdog, the CNDP, was notified following the  event. The national data protection agency recently imposed a for violations of EU privacy rule.

Updated on 6 August at 10am to specify how the information came to be online.