The Minister for Social Protection, Regina Doherty, and the Minister for Finance, Paschal Donohoe, have informed the government that provision and use of the Public Services Card (PSC), not just by the Department of Employment Affairs and Social Protection (DEASP), but by other public bodies shall continue. The DEASP has written to the Data Protection Commission (DPC) advising it of this decision. In doing so, the Government accepts that it may be necessary for the matter to be referred to the courts for a definitive decision. The DEASP intend to publish the DPC’s investigation report following further engagement with the DPC.
Continue Reading Government challenges findings of Data Protection Commission about Public Services Cards

Digital Rights Ireland (DRI) intend to serve legal proceedings on the Government in the coming days, claiming that the Office of the Data Protection Commissioner (ODPC) has acted in breach of EU law by failing to ensure that the Data Protection Commissioner (DPC) exercises her role independently. The High Court is to be asked to make a referral to the EU’s highest court for a ruling on whether the DPC is truly independent under EU law.
Continue Reading Independence of ODPC called into question

Recent high profile security incidents illustrate that no institution or business is immune from cyber attack. A cyber attack on the White House in 2014 resulted in a partial shutdown of its email system. In a reported attempt to extort money from the ECB, email addresses and other user contact information were stolen in 2014. Confidential movie scripts and emails about staff and movie stars were released as part of the 2014 Sony hack. Already this year, the Carphone Warehouse security breach in early August and the more recent Ashley Madison hack have received extensive media coverage.

Continue Reading Cyber risk – the legal landscape

“The next big financial shock will arise from a succession of cyber-attacks on financial services firms.” 

This is the case according to the Chairman of the International Organisation of Securities Commission as cited by the Central Bank of Ireland’s Deputy Governor, Cyril Roux, during a recent address to the Society of Actuaries.

Continue Reading Cyber Security – The Next Big Financial Shock

Model Contracts are standard contractual clauses for the transfer of personal data outside the EU/EEA which have been approved by the European Commission.  They have been approved on the basis that they provide sufficient safeguards for privacy, fundamental rights and the exercise of those rights.  To date two sets of standard contractual clauses for the transfer of personal data outside the EU/EEA from data controllers to data controllers and one set for transfers from data controllers to data processors have been approved by the Commission.Continue Reading Transfer Tools Post Schrems: EU Data Protection Authorities’ Common Position on Model Contacts

The Office of the Data Protection Commissioner is to get a €1.2m increase in funding for 2016. Minister for European Affairs and Data Protection, Dara Murphy announced the measure, under Budget 2016, and said that the increased resources are bring provided to "ensure that Ireland continues to have an excellent regulatory and enforcement regime for data protection, and that we are fully equipped to adapt to the ever-increasing pace of change in the digital economy".Continue Reading Government announces €1.2m increase in funding for the Office of the Data Protection Commissioner

As has been reported widely in the world media, the Court of Justice of the European Union (CJEU) this week declared the EU-US Safe Harbour regime to be invalid. The decision has understandably given rise to a lot of concern among European businesses that transfer data to the US.

In this blog post, we seek to answer the main questions that are being asked following the CJEU ruling. Continue Reading Data in Disarray: The Aftermath of the Safe Harbour Decision

The Office of the Data Protection Commissioner (ODPC) participated in the third Global Privacy Enforcement Network (GPEN) Privacy “Sweep” (the Sweep) which took place between 11th and 15th May 2015. The aim of the Sweep was to examine the data privacy practices of websites and apps aimed at or popular among children.Continue Reading GPEN Privacy Sweep 2015 raises Concerns over Children’s Apps

On 14 September 2015, Minister of State for International Financial Services Simon Harris TD launched the FPAI, a new trade association founded to further the interests of stakeholders involved in the rapidly evolving Irish FinTech sector.  

FinTech (financial technology) is the term used to describe any technology applied to financial services. Across the broad spectrum of FinTech products available, everyday examples include mobile banking, peer to peer lending, digital currency (e.g. Bitcoin), crowdfunding (e.g. Kickstarter) and online payments systems (e.g. Stripe). Continue Reading Minister for International Financial Services launches FinTech and Payments Association of Ireland (FPAI)