Under Section 26 of the Data Protection Acts 1988 and 2003, an appeal before the courts is provided for against a decision of the Data Protection Commissioner in relation to a complaint under Section 10(1)(a) of the Acts. The scope and applicable review standard for such an appeal was one of two key issues which came before the Supreme Court in the recent case of Nowak v. The Data Protection Commissioner (Judgment of O’Donnell J delivered on 28th April 2016).Continue Reading Nowak v. The Data Protection Commissioner: Data subjects’ right of appeal and testing the boundaries of “personal data”

The Office of the Data Protection Commissioner (ODPC) has contacted Dublin City Council in relation to its data protection concerns surrounding the City Council’s new anti-litter poster initiative. As part of the initiative the City Council had erected a billboard in the north inner city featuring CCTV images of 12 people who appear to be engaging in illegal dumping around the Amiens Street-Five Lamps area. Although the faces were slightly blurred due to the quality of the CCTV footage, the City Council stated that the people would be able to identify themselves from the images, as most likely
Continue Reading ODPC contacts Dublin City Council regarding anti-litter posters

In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this area (see previous blog here).

The Guidance includes an overview of the provisions in relation to unsolicited marketing and cookie use as contained in the EC (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336 of 2011). It also emphasises

Continue Reading ODPC Issues Guidance on Canvassing, Data Protection and Electronic Marketing

In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".

Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing. Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register

On 1 October, the Court of Justice of the European Union (CJEU) handed down its judgement in the Weltimmo case (Case C‑230/14), a decision which could have important ramifications for the data protection obligations of companies operating across multiple EU member states. The CJEU effectively held that where a company has a representative in a country and operates services directed at that country, the company can be held accountable by that country’s data protection authority despite not being formally established in that country.Continue Reading CJEU publish important decision on territorial application of data protection law

As has been reported widely in the world media, the Court of Justice of the European Union (CJEU) this week declared the EU-US Safe Harbour regime to be invalid. The decision has understandably given rise to a lot of concern among European businesses that transfer data to the US.

In this blog post, we seek to answer the main questions that are being asked following the CJEU ruling. Continue Reading Data in Disarray: The Aftermath of the Safe Harbour Decision

The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015

There has been much debate during 2014 about the effectiveness of the US Safe Harbour regime. Many EU commentators have queried its effectiveness, pointing in particular to the lack of enforcement over the years by the Federal Trade Commission (FTC), the body which effectively is charged with dealing with complaints that companies are not in compliance with their public representations of adherence to the Safe Harbour principles.
Continue Reading SnapChat Signs Up to 20 Years of Data Protection Audits

On November 23rd, Symantec, the American antivirus company, announced the discovery of a piece of software called Regin, which it had found lurking on computers and stealing data in Ireland, Russia, Saudi Arabia and several other countries. Its sophistication and stealth led Symantec to conclude that it must have been created by a nation-state.

The Regin software appears to have been lurking on some computer systems from as long ago as 2008 and Symantec said it was unusually low-key, meaning it could be used on a target for several years before being noticed. Symantec have described the purpose of Regin

Continue Reading Regin – State Sponsored Hacking