The Minister for Social Protection, Regina Doherty, and the Minister for Finance, Paschal Donohoe, have informed the government that provision and use of the Public Services Card (PSC), not just by the Department of Employment Affairs and Social Protection (DEASP), but by other public bodies shall continue. The DEASP has written to the Data Protection Commission (DPC) advising it of this decision. In doing so, the Government accepts that it may be necessary for the matter to be referred to the courts for a definitive decision. The DEASP intend to publish the DPC’s investigation report following further engagement with the DPC.
Continue Reading Government challenges findings of Data Protection Commission about Public Services Cards
Privacy
ICO clarifies time limit for responding to subject access requests
The UK Information Commissioner’s Office (ICO) has amended its guidance on the time limit for responding to a subject access request (SAR).
Under Article 12 GDPR, a data controller must respond to a SAR “without undue delay and in any event within one month of receipt of the request.” This can be extended by a further two months if the request is complex or a number of requests have been made by the data subject.Continue Reading ICO clarifies time limit for responding to subject access requests
DPC Publishes Statement on the Public Services Card
On Friday 16 August 2019, the Data Protection Commission (DPC) published its findings on certain aspects of the Public Services Card (PSC). The DPC found that seven out of eight of its findings were adverse to the positions advanced by the Department of Employment and Social Protection (DEASP) and that there is and has been non-compliance with the applicable provisions of data protection law.
Continue Reading DPC Publishes Statement on the Public Services Card
UK Government sets out proposed derogations under GDPR
The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.
Continue Reading UK Government sets out proposed derogations under GDPR
Digital Age of Consent agreed by Irish Government
News reports have confirmed that on Wednesday 26 July, after a public consultation period on the issue, the Irish Government have agreed to set the digital age of consent at 13 years of age. Article 8 of the General Data Protection Regulation (GDPR) provides that a child under the age of 16 cannot consent to the processing of their personal data without the express consent of their parents. EU Member States have been granted the discretion to set a lower age under the GDPR provided that it is no lower than 13.
The decision follows consideration of a submission made…
Continue Reading Digital Age of Consent agreed by Irish Government
EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights
On 26 July 2017 the Court of Justice of the European Union (CJEU) delivered its Opinion that the draft Passenger Name Record (PNR) Agreement between the EU and Canada is not compatible with the EU Charter of Fundamental Rights (the Charter) and may not be concluded in its current form. The Opinion follows a referral by the European Parliament to the CJEU and is the first time the Court has been requested to examine the compatibility of an international agreement with the EU Charter.
Continue Reading EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights
ICO Releases International Strategy
The UK Information Commissioners Office (the ICO) has released an International Strategy (the Strategy) in which it outlines its plans for 2017 – 2021 to deal with the data protection challenges presented by globalism, the GDPR and Brexit. The Strategy which can be read in full here is the first with an international emphasis released by the ICO. It is described by the UK Information Commissioner, Elizabeth Denham, in a statement on 4 July, as a “blueprint” for how the ICO will deliver its international objectives.
The Strategy reiterates the ICO’s commitment to assisting with the implementation of the GDPR…
Continue Reading ICO Releases International Strategy
ICO rules Virgin’s CCTV images of Jeremy Corbyn didn’t break data protection law
The UK Information Commissioner’s Office (the ICO) has ruled that Virgin Trains East Coast (Virgin) did not break data protection law when it published CCTV images of the UK’s Labour party leader, Jeremy Corbyn. Virgin released the footage last year following Mr Corbyn’s comments that a Virgin train he was travelling on from London to Newcastle was “ram-packed”. The footage shows Mr Corbyn walking past empty seats.
Following its investigation, the ICO found that Virgin had a “legitimate interest” to release the footage of Mr Corbyn: “namely correcting what it deemed to be misleading news reports that…
Continue Reading ICO rules Virgin’s CCTV images of Jeremy Corbyn didn’t break data protection law
Article 29 Working Party Opinion on Data Processing at Work
The Article 29 Working Party (WP29) has recently provided its Opinion 2/2017 on data processing at work. The Opinion, adopted on 8 June 2017, highlights the risks and challenges of processing employees’ personal data in light of new technologies. While the Opinion focuses on the current data protection regime, it also considers some of the obligations arising under the General Data Protection Regulation (GDPR) from 25 May 2018.
Continue Reading Article 29 Working Party Opinion on Data Processing at Work
ODPC Issues Guidance on Canvassing, Data Protection and Electronic Marketing
In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this area (see previous blog here).
The Guidance includes an overview of the provisions in relation to unsolicited marketing and cookie use as contained in the EC (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336 of 2011). It also emphasises …
Continue Reading ODPC Issues Guidance on Canvassing, Data Protection and Electronic Marketing