Photo of Davinia Brennan

The Irish Government has published its legislation programme for Autumn 2018.  The programme lists priority legislation for publication this Autumn, as well as legislation expected to undergo pre-legislative scrutiny. Listed below are the data protection, cyber-security and IP-related Bills coming down the track.

Priority Legislation

  • Communications (Retention of Data) Bill – This Bill will revise and replace the Communications (Retention of Data) Act 2011. The Heads of this Bill were published last October 2017, following publication of Mr Justice Murray’s Review of the Law on the Retention of and Access to Communications Data.  That Review concluded that many features of the 2011 Act are precluded by EU law. The 2011 Act requires telephone companies and ISPs to store everyone’s metadata for up to two years which, in Mr Justice Murray words, constitutes “a form of mass surveillance of virtually the entire population of the State”. Mr Justice Murray said that Irish legislation should be consonant with the limitations as to the proper scope of a system of communications data retention and disclosure laid down by the EU Court of Justice in a number of recent cases, including the Tele2 case. The Heads of the Bill are available here.

Continue Reading Priority Data Protection, Cyber-Security and IP Legislation for Autumn 2018

Photo of Daniel Harrington

The Minister for Communications, Denis Naughten, has confirmed that plans to appoint a Digital Safety Commissioner for Ireland (DSC) will go ahead in 2018. The DSC will act as an ‘Internet regulator’, with powers of enforcement and responsibility for a ‘notice and takedown’ regime, to ensure the online safety of Internet users.

Continue Reading Digital Safety Commissioner to be appointed in 2018

Photo of Vladimir Rakhmanin

The new Consumer Protection Cooperation Regulation (CPC) was passed on 14 November 2017, with the goal of providing enforcement authorities with additional powers to combat unlawful online practices. The CPC will also help harmonise consumer protection law across the EU. While the CPC is sure to aid compliance, it remains to be seen how far-reaching some of the powers will become, in particular, the website-blocking power referred to below.

Continue Reading Consumer Protection Cooperation Regulation introduced to combat unlawful online practices

Photo of Claire Morrissey

The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.

The primary purpose of the Bill is to transpose the European Directive 2013/40 or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions and to improve cooperation between competent authorities.

Continue Reading The Cybercrime Bill is here

Photo of Jessica Egan

Last month the Department of Communications, Energy and Natural Resources published the Government’s National Cyber Security Strategy 2015-2017 (the Strategy).

In 2013 the World Economic Forum classified cyber related threats as one of the highest of all global risks from the perspective of impact and likelihood. This assessment was echoed at a national level in the Government’s 2014 National Risk Assessment. The development and proliferation of Information and Communications technology (ICT) has transformed the way in which society operates. There are few sectors of both society and the economy which do not rely on some form of ICT for their continued operation. This increased dependence has led to increased risk with threats such as hacking, cyber-crime, hacktivism, cyber espionage, software failures and even human error posing a direct threat not only to the daily lives of Irish citizens but also to the economy and the State.

Continue Reading Government publishes National Cyber Security Strategy

Photo of Aoibheann Duffy

Unmanned Aerial Vehicles, or Drones, as they are more commonly known, have traditionally been regarded as a military tool, frequently featuring in media reports on US military action as well as TV dramas such as ‘Homeland’ and ‘House of Cards’. They are however, being increasingly put to a much broader spectrum of uses.

Drones have been used by humanitarian organisations to deliver food and medical supplies to crisis-stricken areas. Following typhoon Haiyan in the Philippines, drones were used by international relief agency Medair to map terrain and create a detailed system of 3D aerial images of the region to make relief efforts more efficient. Amazon’s Prime Air development project has also garnered a lot of attention for its goal to use drones to deliver goods to customers in 30 minutes or less. Drones are also now available to buy in electronics stores and are used to capture videos and photographs by amateur and professional photographers.

Continue Reading Drone Regulation Takes Flight

Photo of Conor McEneaney

Symantec released their annual Internet Security Threat Report (the Symantec Report) last week (available at http://www.symantec.com/security_response/publications/threatreport.jsp) and it makes for alarming reading. The risk of cyberattack is one that has been brought to the forefront of popular consciousness by the devastating cyberattacks on Sony Pictures Entertainment in 2014 and the Symantec Report shows that 2014 saw a worryingly exponential increase in the number, severity and sophistication of such attacks.

Continue Reading Symantec Cyberattack Report a timely reminder of increasing Cyberattack risk

Photo of Neasa Ni Ghrada

On 3 February 2015, the Securities and Exchange Commission (the "SEC") and the Financial Industry Regulatory Authority ("FINRA") both issued cybersecurity reports to the US securities industry. The SEC is the US Federal Government’s securities regulatory agency, while FINRA is a private company that acts as a self-regulatory organisation for US securities firms. The publications highlight the increased US regulatory focus in this area.

SEC: Risk Alert – Cybersecurity Examination Sweep Summary

The Risk Alert summarises the SEC’s findings following its examination of 57 broker-dealers’ and 49 investment advisers’ controls regarding cybersecurity preparedness. Notable statistics from the firms examined include:

       88% of broker-dealers and 74% of investment advisers have experienced cyberattacks either directly or through one of their vendors. The majority of the cyberattacks involved the use of malware and fraudulent emails but no single loss exceeded $75,000;

       93% of broker-dealers and 83% of investment advisers have written information security policies in place, of those, 89% of broker-dealers and 57% of investment advisers periodically audit policy compliance;

       58% of broker-dealers and 21% of investment advisers maintain cybersecurity insurance, however, only one broker-dealer and one investment adviser reported that they had filed claims; and

       Only 15% of broker-dealers and 9% of investment advisers offer security guarantees to protect their clients against cyber related loss.

Continue Reading Two US regulatory bodies simultaneously publish cybersecurity reports