Photo of Neasa Ni Ghrada

The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.
Continue Reading UK Government sets out proposed derogations under GDPR

The European Commission (EC) has opened an online public consultation on the targeted revision of EU consumer law (the Consultation). The Consultation follows the EC’s publication of the results of its Fitness Check on consumer and marketing law and of the evaluation of the Consumer Rights Directive (Directive 2011/83/EU) (the CRD).
Continue Reading European Commission opens public consultation on EU Consumer Law

The UK Information Commissioner’s Office (the ICO) has ruled that Virgin Trains East Coast (Virgin) did not break data protection law when it published CCTV images of the UK’s Labour party leader, Jeremy Corbyn. Virgin released the footage last year following Mr Corbyn’s comments that a Virgin train he was travelling on from London to Newcastle was “ram-packed”. The footage shows Mr Corbyn walking past empty seats.

Following its investigation, the ICO found that Virgin had a “legitimate interest” to release the footage of Mr Corbyn: “namely correcting what it deemed to be misleading news reports that
Continue Reading ICO rules Virgin’s CCTV images of Jeremy Corbyn didn’t break data protection law

The Office of the Data Protection Commissioner (the ODPC) has released a guidance note on connected toys (the Guidance Note). The Guidance Note highlights the possible data protection issues that might occur when children and parents use toys with microphones and cameras that have an ability to connect to the internet.

The ODPC warns of certain potential issues with the personification of connected toys, in particular dolls. Some of these toys provide an interactive experience by reacting to selected words. This may give the impression of an emotional response to what the child says or does. In some instances, these toys are enabled to collect and record these “conversations” between the child and the connected toy on apps, smartphones or tablets. The ODPC cautions that some of these connected toys’ terms and conditions allow these potentially sensitive recordings to be shared with other companies and used for the basis of targeted advertising.Continue Reading Child’s Play: The Office of the Data Protection Commissioner releases Guidance Note on Connected Toys

On 13 September 2016, the Central Bank of Ireland (the CBI) published new guidance on IT risk management and cybersecurity for financial service firms. Publication of the Guidance follows the CBI’s previous actions in relation to cyber risks in the funds, insurance and banking sectors (see previous blog here). The CBI acknowledges that IT plays an integral part in the supply of financial services and calls on Boards and Senior Management of regulated firms to recognise the ever increasing incidences of cyber-attacks and business interruptions. It requests such firms to acknowledge their responsibilities in this regard and prioritise IT security. This responsibility involves establishing and maintaining a resilient IT strategy, while ensuring that it aligns with the firm’s general business strategy. It states that a robust oversight and engagement on IT matters at the Board and Senior Management level promotes an IT and security risk aware culture within the firm.
Continue Reading The Central Bank of Ireland publishes new Cross Industry Guidance on IT and Cybersecurity Risks

Following the Brexit Referendum and the uncertainty now surrounding the future of data flows between the UK and the remaining EEA States, the UK Information Commissioner’s Office has published an update on its blog: “GDPR still relevant for the UK“. The update emphasises the importance of the GDPR to many organisations in the UK and notes:

“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries

Continue Reading ICO states that GDPR is still relevant for the UK

The Office of the Data Protection Commissioner (ODPC) has contacted Dublin City Council in relation to its data protection concerns surrounding the City Council’s new anti-litter poster initiative. As part of the initiative the City Council had erected a billboard in the north inner city featuring CCTV images of 12 people who appear to be engaging in illegal dumping around the Amiens Street-Five Lamps area. Although the faces were slightly blurred due to the quality of the CCTV footage, the City Council stated that the people would be able to identify themselves from the images, as most likely
Continue Reading ODPC contacts Dublin City Council regarding anti-litter posters

In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this area (see previous blog here).

The Guidance includes an overview of the provisions in relation to unsolicited marketing and cookie use as contained in the EC (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336 of 2011). It also emphasises

Continue Reading ODPC Issues Guidance on Canvassing, Data Protection and Electronic Marketing

In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".

Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing. Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register

On 14 September 2015, Minister of State for International Financial Services Simon Harris TD launched the FPAI, a new trade association founded to further the interests of stakeholders involved in the rapidly evolving Irish FinTech sector.  

FinTech (financial technology) is the term used to describe any technology applied to financial services. Across the broad spectrum of FinTech products available, everyday examples include mobile banking, peer to peer lending, digital currency (e.g. Bitcoin), crowdfunding (e.g. Kickstarter) and online payments systems (e.g. Stripe). Continue Reading Minister for International Financial Services launches FinTech and Payments Association of Ireland (FPAI)