The father of Public Works and Planning Minister Stefan Zrinzo Azzopardi, Joseph Zrinzo, was also involved in C-Planet IT Services along with the minister’s brother-in-law Philip Farrugia but resigned from his position right after the electioneering data scandal broke.
The company was involved in a massive data breach of information and political preferences of 337,384 voters that made its way to the Labour Party before the 2013 election, which the party won in a landslide.
The data breach happened during Zrinzo Azzopardi’s time as party president between 2003 and 2013 and came from a company run and owned by his brother-in-law and in which his father was also involved.
Zrinzo had served as company secretary but resigned from the post after the political scandal broke and freedom of information requests on the company’s voter data breach were filed in April 2020.
Farrugia assumed Zrinzo’s position upon his exit from the scandal-tainted company and remains the company’s sole shareholder and director.
Zrinzo’s resignation was filed at the Malta Business Registry on 23 December 2020 but was strangely backdated to an effective date of 3 June 2020. The company had first been registered in June 2007.
The data breach involved a voter database that held personal information such as names, addresses and ID card details of almost the entire electorate.
The data also included indicators as to whether individuals were more inclined to vote for the Labour Party or the Nationalist Party.
Online monitoring service – Under The Breach – first revealed the breach when it tweeted that data had been left exposed by a Maltese IT company.
The minister’s brother-in-law and company owner Philip Farrugia is a former production director at the Labour Party media company ONE Productions.
Soon after the story broke in The Times of Malta at the beginning of April 2020, freedom of information requests were filed, one by independent politician Arnold Cassola.
Information and Data Protection Commissioner Ian Deguara this week settled the complaint and gave the company 20 days to release the information held on the complainant and to explain where the data had been sourced from.
Anything short of that and a “proportionate and dissuasive” fine would be issued, the Commissioner warned.
Cassola has demanded an official apology from the Labour Party and for Zrinzo Azzopardi’s resignation over the affair: “Our political profiling was done when Zrinzo Azzopardi was the Labour Party President. The Labour Party must apologise and Zrinzo Azzopardi must resign.”
The company had refused Cassola’s freedom of information request by citing ongoing legal proceedings after NGO Repubblika, the Daphne Caruana Galizia Foundation and over 600 claimants initiated court proceedings into the March 2020 leak.
The company had refused the request by citing ongoing legal proceedings, as well as claiming it did not have access to the data at the time since it was in the possession of the police and the IDPC.
The IDPC, however, put paid to the excuse by saying the company “was processing the personal data pertaining to the complainant at the time of receipt of the request”.
Nor did the IDPC find any validity to the company’s claim that court proceedings could stand to be jeopardised if the information was released, finding that, “A mere reference to an existing investigation… is certainly not sufficient to restrict the fundamental right of the complainant.”
The finding comes after Cassola reported the matter to the IDPC back in 2020. In January 2022, the Commissioner found the company guilty and fined it €65,000, the largest IDPC fine on record. The previous record was held by the €5,000 fine meted out to the Lands Authority.