Norwegian version of this page

Data protection regulations in eValg (privacy)

Details about eValg's privacy and data protection, following  the privacy and data protection at UiO.

Please contact us if you have any questions.

Note: There are two versions available, at valg.uio.no and valg2.uio.no. The former stores a bit less personal information.

Purpose

eValg is an election system that support election processes in the university democracy digitally. Digital elections save time both for voters and makes parts of the process more trustworthy.

In eValg, every person with an UiO account are able to use the service. This is to make sure that all that are entitled to vote are able to, even if they are incorrectly not on the voting list. The election board must consider every such case manually.

Previously elections at UiO was done with papers, either as ballott or through mail. Tnhis was less practical, less safe considering confidentiality and integrity, and more resource demanding for the election board. eValg digitalizes this process, by letting the voters vote online.

What is stored about you?

Voters are grouped in a) scientifically employed, 2) temporary scientifically employed, 3) administratively employed, and 4) students. Most students and employees have the right to vote in several elections in a year. The list of who has the right to vote is retrieved from Felles Studentsystem and UiOs personell system (SAP).

What personal information is stored in eValg:

  • National identification number and other identifiers, e.g. passport number. This is needed to know if a person already has voted, to avoid that one persons votes could count more than once. The identifiers are mainly retrieved from Felles Studentsystem and/or the employee register, but the election board are allowed to manually add more identifiers.
    Note that these identifiers are only used in eValg 2, but not in the newest, eValg 3.

  • Feide ID. This is used to make sure that only a users last vote counts, and to verify if the users vote is automatically accepted in the election. Feide ID is mainly retrieved from Felles Studentsystem and/or the employee register, but the election board is allowed to manually add and remove identifiers. Feide ID is also stored when you log on.

  • Full name. The name of the voter makes it easier for the election board to verify if peoples votes should count in the election. The name is stored when you log on.

  • E-mail. eValg informs the voter that he or she has voted, to avoid abuse. It could also be used to notify all voters when an election opens or is about to close. This data is mainly retrieved from Felles Studentsystem and/or the employee register.

  • Your voter group (electoral roll), e.g. if you are an employee or student. This is mainly retrieved from Felles Studentsystem and/or the employee register, but the election board is allowed to edit the groups.

Some personal information is also stored when a person votes:

  • What the person has voted on. This could reveal sensitive information, e.g. political views or unity relations. This information is therefore protected by an asynchronous encryption, for which only the election board and Sentralt Valgsekretariat has the decryption key. An exploit of eValg would not be enough to reveal what people have voted on.

  • IP address from where the voted was give. This is used if there are suspicions of misuse.

  • The time for when the vote was given. This is used if there are suspicions of misuse.

  • Identifiers from Feide. This is to avoid that one person could count in more than one vote.

  • The reason for why a persons vote should be counted in the election. This is voluntary for the person to write, if the person is not in the given voter group. This could make it easier for the election board to decide if the persons vote should count or not.

eValg processes personal information for several reasons:

  • To fullfill the election process, by counting the votes and get an election result.

  • To secure the election process, by connecting the username against the correct person.

  • Identify if a person is part of a voter group, to automatically accept the vote without requiring the election board to process each vote. Being part of a voter group is a "pre acceptance" to vote.

  • Statistics about the election.

Personal information is also used to test parts of the service, e.g. to verify if the voter groups are correct and that the logon works before the new versions are put into production. The development of eValg is normally done without any real personal information.

The ballots from an election is encrypted before storing, and is kept until the deadline for complaints for the election has passed. This is necessary to be able to recount the election with minor changes, without having to redo the whole election process. The ballots are deleted by the election board after the deadline has passed.

The election protocol, which contains the names of the candidates and when people voted, is archived in UiOs archive system, and is not deleted. Technical logs are stored for six months, and might contain some personal information.

Personal information is not shared with others outside the University of Oslo, except if the election board contains external participants.

Legal basis

According to universitets- og h?gskulelova, 1. april 2005 nr. 15 om universiteter og h?yskoler § 9-3 og 9-4 do we have election of the University Board. University of Oslo also has an elected Rector, according to § 10-2. University of Oslo has its own valreglement (norwegian only) which must be followed by all elections of University Board, rectorat, deans, and faculty and department boards.

eValg needs personal information about all persons affiliated with UiO to be able to fullfill a secure election process, jf. universitets- og h?yskoleloven § 4-15 (1) for ? oppfylle institusjonens oppgaver.

Basis for treatment

Personal information in eValg has basis in Personvernforordningen art. 6 nr. 1 bokstav e: N?dvendig for ? utf?re en oppgave i allmennhetens interesse, jf. universitets- og h?yskoleloven § 4-15 (1) to fulfill the institions assignments. eValg has also basis in the category of personal information that is considered as sensitiv, according to  Personvernforordningen art. 9 nr. 2 bokstav g: n?dvendig av hensyn til viktige allmenne interesser, jf. universitets- og h?yskoleloven §§ 9-4 og 10-2.

The latter category, of sensitive personal information, is secured through asynchronous encryption, which can not be encrypted by eValg. This secures peoples rights, in addition to increase the confidentiality and integrity of the elections, and makes sure that is easy for people to use their right to vote in elections at the university. An exploit in eValg is not enough to find out what people have voted on.

More information

See EUs information about Rights for citizens.

Published Jan. 28, 2021 3:29 PM - Last modified Jan. 28, 2021 3:30 PM