ParliView — European Parliament Transparency Platform
Effective Date: 20 February 2026
Last Updated: 19 March 2026
Version: 2.1
ParliView is a university research project that helps you explore European Parliament information using AI. Here is a short summary of how we handle your data:
For full details, please read the sections that follow.
Data Controller:
University College Dublin (UCD)
Belfield, Dublin 4, Ireland
Principal Investigator:
Dr James Cross
School of Politics and International Relations
University College Dublin
Email: admin@parliview.org
UCD Data Protection Officer:
Email: gdpr@ucd.ie
Phone: +353 1 716 8743
Funder:
Silicon Valley Community Foundation (EUR 1.5 million grant). The funder has no role in research design, data collection, analysis, or publication decisions. The research team maintains full academic independence.
Project Partners:
| Partner | Location | Role |
|---|---|---|
| University of Strathclyde | Glasgow, UK | Collaborative research partner |
| Transparency International EU | Brussels, Belgium | Collaborative research partner |
Ethics Approval:
This research has been approved by the UCD Human Research Ethics Committee (Reference: 025-HS-26-C-Cross).
To use ParliView, you must create an account via AWS Cognito. We collect:
Your account is assigned a pseudonymous user identifier (a UUID, known as a Cognito sub). This identifier is used throughout the platform to link your activity without routinely exposing your email address or name. Your email address is also used to send platform access and onboarding communications (for example, welcome emails and access confirmations) via Amazon Simple Email Service (SES).
When you use ParliView, we automatically collect:
If you submit feedback through the in-app feedback mechanism, we collect:
This feedback is linked to your pseudonymous user identifier.
If you request access to ParliView before being added to the allowlist, we collect:
This data is retained for the duration of the project plus 5 years (consistent with other data types; see Section 11), even after access is granted or denied.
If your input triggers an automated content policy check (for example, keyword matching), an excerpt of up to 300 characters of the input may be stored along with the matched keyword and user context.
The platform generates operational data that is stored in logging and monitoring systems:
ban_reason) and any suspension expiry date (suspended_until) are stored as part of your Cognito account record.We occasionally distribute opt-in surveys to gather feedback on the platform. If you choose to participate, we collect:
Survey responses are pseudonymised. The survey instructs participants not to include identifying information in open-text responses. Any inadvertently provided identifying data will be redacted during analysis.
At the end of the survey, you may voluntarily provide an email address if you wish to be contacted about future research.
You are not required by law or by contract to provide any personal data to ParliView. Use of the platform is entirely voluntary. The only consequence of not providing data is being unable to use the platform. Registration requires an email address; if you choose not to provide one, you will not be able to create an account.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Provide the platform service (authentication, session management, conversation storage) | Account data, conversation history, session data | Legitimate interests (Article 6(1)(f)) |
| Improve the platform and evaluate usability | Pseudonymised interaction data, UI analytics events, feedback data | Legitimate interests (Article 6(1)(f)) |
| Understand user needs and query patterns | Pseudonymised query data, token consumption metrics | Legitimate interests (Article 6(1)(f)) |
| Academic research and publication | Pseudonymised or aggregated data | Legitimate interests (Article 6(1)(f)) |
| Platform security and performance monitoring | Technical data, infrastructure logs, application logs, distributed traces | Legitimate interests (Article 6(1)(f)) |
| Content moderation and abuse prevention | Content policy flags, moderation data (ban reason, suspension status) | Legitimate interests (Article 6(1)(f)) |
| A/B testing and platform experimentation | Group and experiment assignments | Legitimate interests (Article 6(1)(f)) |
| Process access requests | Access request data (email, name, occupation, affiliation, intended use) | Legitimate interests (Article 6(1)(f)) |
| Send platform access and onboarding communications | Email address | Legitimate interests (Article 6(1)(f)) |
| Analyse survey feedback | Survey responses | Consent (Article 6(1)(a)) |
| Contact about future research (if opted in via survey) | Email address | Consent (Article 6(1)(a)) |
Automated access restrictions: The platform includes automated systems that may restrict your access in certain circumstances:
These are standard platform access controls. They do not constitute automated decision-making producing legal or similarly significant effects under GDPR Article 22, because they do not affect your legal rights or status; they control access to a voluntary research platform.
We do NOT use your data for:
In accordance with Article 5 of the GDPR, we apply the principle of data minimisation throughout this project:
For platform interaction data, our lawful basis is legitimate interests. We have conducted balancing tests as required under Article 6(1)(f), grouped by purpose cluster. The following assessments reflect the different data types and risk profiles involved.
Purposes: Provide the platform service (authentication, session management, conversation storage); process access requests.
Purpose test: The research team has a legitimate interest in operating the platform so that users can access European Parliament information. Processing access requests is necessary to manage participation in the research.
Necessity test: Account data, session data, and conversation history are essential to providing an authenticated, stateful service. Access request data (email, name, occupation, affiliation, intended use) is necessary to evaluate eligibility. We have minimised processing by pseudonymising user identifiers and collecting optional personal details (name, phone) only where voluntarily provided.
Balancing test: The processing does not override users' rights and freedoms. Platform activity is linked to a pseudonymous UUID; only authorised members of the research team can link this to an individual, and only when necessary (for example, to fulfil data subject rights requests). Users are informed of this processing and retain the right to object (see Section 14.2).
Purposes: Understand user needs and query patterns; academic research and publication.
Purpose test: The research team has a legitimate interest in conducting academic research in the public interest to evaluate tools for democratic transparency and citizen engagement with EU institutions. This interest is shared by the project partners and the wider public.
Necessity test: Understanding how users interact with the platform, the types of queries submitted, and patterns of use is essential to evaluating the platform's effectiveness. Without this data, the research objectives cannot be achieved. Research outputs use pseudonymised or aggregated data only.
Balancing test: The processing does not override users' rights and freedoms. Query data may incidentally reveal political interests, which increases the sensitivity of this processing. To mitigate this: data is pseudonymised; access to raw query data is restricted to authorised researchers; research publications use aggregated or anonymised data; and the enhanced safeguards described in Section 7.3 apply. Users can stop participating at any time, are informed of this processing, and retain the right to object (see Section 14.2).
Purposes: Improve the platform and evaluate usability; A/B testing and platform experimentation.
Purpose test: The research team has a legitimate interest in improving the platform's design and functionality to better serve its research objectives and user needs.
Necessity test: Pseudonymised interaction data, UI analytics events, feedback data, and group/experiment assignments are necessary to identify usability issues and evaluate design changes. Without this data, platform improvements would be uninformed.
Balancing test: The processing does not override users' rights and freedoms. The data used is pseudonymised interaction data and UI events, which present a low risk to individuals. Group assignments affect only the presentation of platform features and do not impact users' legal rights or status. Users are informed of this processing and retain the right to object (see Section 14.2).
Purposes: Platform security and performance monitoring; content moderation and abuse prevention.
Purpose test: The research team has a legitimate interest in maintaining the security, integrity, and availability of the platform, and in preventing misuse.
Necessity test: Technical data, infrastructure logs, application logs, distributed traces, content policy flags, and moderation records are necessary to detect and respond to security incidents, monitor performance, and enforce platform rules. Infrastructure logs necessarily contain IP addresses, which are generated automatically by AWS services.
Balancing test: The processing does not override users' rights and freedoms. Security and moderation processing protects all users of the platform. Infrastructure logs contain IP addresses, which are more directly identifying than pseudonymous UUIDs; to mitigate this, these logs are subject to defined retention periods (see Section 11) and are not used for research purposes. Users are informed of this processing and retain the right to object (see Section 14.2).
For survey participation (see Section 2.7), we rely on your freely given, specific, informed, and unambiguous consent. Consent is obtained through a consent confirmation presented before any survey questions. You may withdraw consent at any time before submitting the survey by closing the survey. Once submitted, survey responses are pseudonymised and may not be identifiable for withdrawal; this limitation is explained before you provide consent.
For optional email provision for future contact, separate consent will be obtained. You may withdraw this consent at any time by contacting admin@parliview.org, and your email will be deleted.
Why this matters: When you ask ParliView questions about parliamentary topics, such as how MEPs voted on particular issues, your queries may incidentally reveal your political opinions or interests. Political opinions are special category data under Article 9 of the GDPR.
Our approach:
We process this data under the research exemption in Article 9(2)(j) (processing necessary for archiving purposes in the public interest, scientific research, or statistical purposes), read together with Article 89(1), which requires appropriate safeguards. This processing is authorised under Irish law by Section 54 of the Data Protection Act 2018, which permits the processing of special categories of personal data for scientific research purposes subject to appropriate safeguards, read together with Section 42 of that Act.
Enhanced safeguards we apply:
We recognise the sensitivity of political expression and apply these enhanced safeguards to protect users' rights and freedoms.
ParliView uses a retrieval-augmented generation (RAG) system combined with a large language model (LLM) to generate responses to your queries. This means:
The AI model is grounded using official, publicly available European Parliament data accessed through the EP Open Data Portal and related institutional sources. This includes structured data on MEP activities, voting records, legislative procedures, and plenary debates.
In accordance with the transparency obligations of the EU AI Act (Regulation (EU) 2024/1689), we inform you that:
We share pseudonymised or aggregated data with our project partners under the terms of the ParliView collaboration agreement:
| Partner | Location | Purpose | Data Shared | Safeguards |
|---|---|---|---|---|
| University of Strathclyde | Glasgow, UK | Collaborative research and analysis | Pseudonymised interaction data, aggregated survey data | UK adequacy decision (originally adopted 28 June 2021, renewed 19 December 2025, valid until 27 December 2031); data sharing agreement |
| Transparency International EU | Brussels, Belgium | Collaborative research on democratic transparency | Pseudonymised interaction data, aggregated survey data | GDPR applies directly; data sharing agreement |
Personal identifiers (email addresses, names) are not shared with partners.
We engage the following data processors to provide infrastructure and services for the platform:
| Processor | Services | Data Processed | Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting, authentication (Cognito), AI inference (Bedrock), logging, email delivery (SES), CDN (CloudFront), search (OpenSearch), caching (ElastiCache), and related infrastructure services | All platform data, including account data, conversation history, logs, and infrastructure data | Data processing agreement under Article 28 GDPR; primary data region eu-west-1 |
| Anthropic | Large language model inference via direct API | User queries and AI-generated responses. Queries may contain text that incidentally reveals political opinions. | Data processing agreement (Article 28 GDPR) incorporating Standard Contractual Clauses (SCCs) for transfers to the United States. Anthropic's API terms prohibit use of inputs/outputs for model training. API inputs are retained by Anthropic for up to 30 days for safety and abuse monitoring, then automatically deleted. |
We are working to consolidate all language model inference through AWS Bedrock (EU region). While the direct Anthropic API integration remains active, Anthropic is listed as a separate data processor.
Data transmitted to Anthropic via the direct API: Each API request contains the user's query text, retrieved European Parliament source documents relevant to the query, and system instructions that define the assistant's behaviour. No user identifiers (pseudonymous or otherwise), email addresses, IP addresses, or session identifiers are included in API requests. Queries may incidentally contain text that reveals political opinions (a special category under Article 9 GDPR); the safeguards described in Section 7.3 apply to this processing.
Anonymised research datasets may be deposited in academic repositories (such as the UK Data Service and Zenodo) for future research, in accordance with academic open data principles. Archived data will be fully anonymised (with pseudonymous identifiers removed or replaced) and subject to data access agreements where applicable.
Aggregated, anonymised findings may be published in academic journals, conference papers, and research reports.
User account data, conversation history, and query content are stored within the European Economic Area (EEA), hosted by Amazon Web Services (AWS) in the eu-west-1 (Ireland) region.
However, certain AWS global infrastructure services may process infrastructure-level data (IP addresses, HTTP request metadata, security events) outside the EEA. Specifically:
The data processed by these global services is limited to infrastructure-level metadata (IP addresses, HTTP headers, security events). User query content and account data remain in eu-west-1. These transfers are governed by Standard Contractual Clauses incorporated into AWS's data processing agreement, in accordance with Article 46(2)(c) GDPR.
The only intentional international transfer is to the University of Strathclyde in the United Kingdom. The UK benefits from an adequacy decision by the European Commission, originally adopted on 28 June 2021 and renewed on 19 December 2025 (valid until 27 December 2031), under Article 45 of the GDPR.
Where the direct Anthropic API is used for language model inference (see Section 9.1.1), user queries and retrieved European Parliament source documents are sent to Anthropic's servers in the United States. This transfer is governed by Standard Contractual Clauses (SCCs) incorporated into Anthropic's data processing agreement, in accordance with Article 46(2)(c) GDPR. Anthropic has also certified under the EU-US Data Privacy Framework, providing an additional layer of adequacy commitment. We have conducted a transfer risk assessment and concluded that, given the nature of the data transferred (query text and publicly available parliamentary documents, with no user identifiers), the SCCs and Anthropic's technical and organisational measures provide appropriate safeguards. No user identifiers, email addresses, or IP addresses are included in API requests.
| Data Type | Retention Period | After Retention |
|---|---|---|
| Account data (Cognito) | Duration of the project + 5 years (the project is funded until 2028; data will be retained until 2033 at the latest) | Securely deleted |
| Conversation history (DynamoDB) | Duration of the project + 5 years. No automatic time-to-live (TTL) is configured; data is retained until manual deletion. | Archived in academic repositories (fully anonymised) or securely deleted |
| Token consumption metrics (DynamoDB) | Duration of the project + 5 years. No TTL configured. | Securely deleted |
| Access request data (DynamoDB) | Duration of the project + 5 years | Securely deleted |
| Feedback data (DynamoDB) | Duration of the project + 5 years. No TTL configured. | Securely deleted |
| Survey responses | Duration of the project + 5 years | Archived in academic repositories (fully anonymised) or securely deleted |
| Future contact email addresses (from survey) | Until the contact opts out, or end of project + 5 years (whichever is sooner) | Securely deleted |
| Application logs (CloudWatch) | 90 days | Automatically purged after retention period |
| Application logs (OpenSearch) | 90 days | Automatically purged after retention period |
| Session data (Redis/ElastiCache) | 24-hour TTL (automatically purged) | Automatically purged |
| Distributed traces (X-Ray) | 30 days (AWS default) | Automatically purged |
| Infrastructure logs (CloudFront, ALB, WAF) | 90 days | Automatically purged after retention period |
| Audit logs (CloudTrail) | 1 year | Automatically purged after retention period |
| Data held by Anthropic (direct API) | Up to 30 days (for safety and abuse monitoring) | Automatically deleted by Anthropic |
| Archived research datasets | Indefinitely | Remain in academic repositories in fully anonymised form |
After the retention period, data that has not been archived will be securely deleted using industry-standard methods.
We protect your data through the following technical and organisational measures:
The platform is designed so that the pseudonymous user identifier (UUID) is the primary key used in application logs, conversation records, and analytics. Email addresses and other directly identifying information should not appear in these systems. However, the following exceptions currently exist:
ParliView uses a limited number of cookies that are strictly necessary for the platform to function:
| Cookie Name | Purpose | Duration | Type | Attributes |
|---|---|---|---|---|
sid | Maintains your authenticated session. Session data (including your Cognito user profile) is stored server-side in Redis; only a random identifier is stored in the cookie. | 24-hour rolling TTL | Essential | HttpOnly, Secure, SameSite |
| Cognito Managed Login cookies | Set by AWS during the OAuth authentication flow. These cookies are managed by AWS and are necessary for the login process to function. ParliView does not control their content or duration. | Varies (set by AWS) | Essential | Set by AWS |
Essential cookies do not require consent under Article 5(3) of the ePrivacy Directive because they are strictly necessary for the provision of the service you have requested.
The platform uses browser storage mechanisms for functional purposes:
pendingGroupUuid, pendingGroupId, pendingEventCode). This data is cleared automatically when you close the browser tab.We do not use any third-party analytics tools on this website. No analytics data is shared with external services, and no third-party analytics scripts are loaded when you visit the site. UI analytics events (see Section 2.2) are collected by our own infrastructure.
The ParliView application does not load resources from third-party servers. All fonts, stylesheets, and scripts are bundled and self-hosted. However, the Cognito Managed Login pages (used during the authentication flow) are served by AWS and may load their own resources. We do not control the content of these pages.
Under the General Data Protection Regulation, you have the following rights. Because your data is pseudonymised (not anonymous), we can identify your records using your Cognito account and fulfil these rights. We will respond to any valid request within one month of receipt, in accordance with Article 12(3) of the GDPR. If your request is complex or we receive a high volume of requests, we may extend this by up to two further months, and we will inform you of the reason for any delay within one month.
| Right | GDPR Article | Description |
|---|---|---|
| Access | Article 15 | Request confirmation of whether we process your data, and obtain a copy |
| Rectification | Article 16 | Request correction of inaccurate personal data |
| Erasure | Article 17 | Request deletion of your personal data (“right to be forgotten”) |
| Restriction | Article 18 | Request that we limit processing of your data |
| Data Portability | Article 20 | Receive your personal data in a structured, commonly used, machine-readable format. Note: this right applies only to data processed on the basis of consent (Article 6(1)(a)) or contract (Article 6(1)(b)). Most ParliView data is processed under legitimate interests and may not be subject to portability. |
| Object | Article 21 | Object to processing based on legitimate interests (see Section 14.2) |
| Withdraw Consent | Article 7(3) | Withdraw consent for survey participation or email contact at any time (see Section 14.4) |
| Complaint | Article 77 | Lodge a complaint with a supervisory authority |
You have the right to object to our processing of your data where that processing is based on legitimate interests (Article 6(1)(f)).
If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
To exercise your right to object, contact admin@parliview.org.
We are committed to fulfilling erasure requests. However, you should be aware of the following technical limitations:
When you submit an erasure request, we will: delete your Cognito account, soft-delete your conversation and feedback data (and permanently purge it as soon as technically feasible), remove your email from the allowlist, and confirm what data remains in logging systems along with its expected retention period.
Email contact consent: You may withdraw your consent to being contacted about future research at any time by emailing admin@parliview.org. Your email address will be deleted within 30 days of your request.
To exercise any of your data protection rights, you may contact:
Principal Investigator:
Dr James Cross
School of Politics and International Relations
University College Dublin
Email: admin@parliview.org
UCD Data Protection Officer:
Email: gdpr@ucd.ie
Phone: +353 1 716 8743
Process: We will acknowledge your request within 5 working days and provide a substantive response within one month (extendable by up to two months for complex requests, with notification). We may ask you to verify your identity before processing your request. There is no fee for exercising your rights.
Supervisory Authority:
If you are unsatisfied with our response, you have the right to lodge a complaint with:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 1 765 0100 / 1800 437 737
You may also complain to the supervisory authority in your EU/EEA Member State of residence or place of work.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
Because user data is pseudonymised, the impact of a breach involving application-level data (conversation history, usage metrics) would be limited, as the data is not directly identifiable without access to the Cognito User Pool. However, we maintain full breach notification procedures as a matter of legal compliance and good practice.
A Data Protection Impact Assessment (DPIA) has been conducted for this project in accordance with Article 35 of the GDPR. A DPIA is required because the processing involves:
The DPIA identified the risks associated with special category data processing and confirmed that the safeguards described in this policy (pseudonymisation of user identifiers, restricted access, encryption, data processing agreements) reduce residual risks to an acceptable level.
The DPIA is being reviewed to ensure it fully reflects the current data model, in which users are authenticated via Cognito and data is pseudonymised rather than anonymous. This review will be completed before public launch. The DPIA specifically considers the risks arising from the transfer of user query data to Anthropic in the United States via the direct API path, including the adequacy of Standard Contractual Clauses as a transfer mechanism and the implications of a third-party processor handling data that may incidentally reveal political opinions (a special category under Article 9).
The DPIA is available for review by the Data Protection Commission upon request.
At present, access to ParliView is restricted to pre-approved research participants via an email allowlist. Participants are informed about data processing through this privacy policy and the participant information sheet.
For the planned public launch, we will implement a post-login acknowledgement interstitial that requires users to acknowledge this privacy policy before using the platform. Acknowledgement records will include the version of the policy acknowledged and the date of acknowledgement. This section will be updated once the acknowledgement mechanism is in place.
This acknowledgement is a transparency mechanism; it does not constitute consent under Article 6(1)(a) GDPR. The lawful basis for processing remains legitimate interests as described in Section 7.
ParliView is not intended for use by individuals under 18 years of age. This threshold reflects both the requirements of the ethical approval granted for this research project and a precautionary approach to ensure compliance with data protection requirements for minors across all EEA jurisdictions, where the digital age of consent varies between 13 and 16. We do not knowingly collect data from children. If we become aware that data has been collected from a person under 18, we will take steps to delete it.
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or project activities. When we make changes:
We encourage you to review this policy periodically.
For questions about this privacy policy or your data:
Dr James Cross
School of Politics and International Relations
University College Dublin
Email: admin@parliview.org
For data protection queries:
UCD Data Protection Officer
Email: gdpr@ucd.ie
Phone: +353 1 716 8743
For complaints about data processing:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 1 765 0100 / 1800 437 737
This research has been approved by the UCD Human Research Ethics Committee (Reference: 025-HS-26-C-Cross).
ParliView website: https://www.parliview.org