Information Technology

Photo of James McCarthy

On 6 April 2020, the Data Protection Commission (DPC) published a report on the use of cookies and other tracking technologies (Report) and an updated guidance note on cookies and other tracking technologies (Guidance).

The Report is based on a review carried out by the DPC of websites in various sectors in Ireland, including insurance, banking, media, retail and the public sector. The purpose of the DPC’s report was to examine whether organisations are complying with the law, and, in particular, how organisations are obtaining the consent of users for the use of cookies. The majority of the 38 organisations examined were found to have potential compliance issues, particularly in relation to reliance on implied consent for setting non-necessary cookies; lack of choice for users to reject all cookies; bundling of consent for all purposes; and the possible misclassification of cookies as “necessary” or “strictly necessary“.  The Report gives an overview of the responses received highlighting what the DPC considers to be both “good” and “bad” practices that it encountered on the websites, and the Guidance provides website operators with guidance on how to comply with the rules relating to cookies, which are set out in the Irish ePrivacy Regulations.


Continue Reading DPC publishes Report and Guidance on cookies following a “cross-sector and cross-size” sweep of website operators

Photo of Davinia Brennan

The Government Chief Whip, Seán Kyne TD, has published the Government’s legislation programme for Summer 2019.  The updated programme follows on from the special programme launched in January 2019 which focused on Brexit. We have set out below the key data protection and technology-related legislation coming down the tracks.

Priority Legislation

  • Communications (Retention of Data) Bill –  This Bill will repeal and replace the Communications (Retention of Data) Act 2011 which requires data generated by mobile phones to be retained by telecommunications service providers for two years, and allows An Garda Síochána and certain other State agencies to access such data for criminal investigative purposes. The Heads of Bill were published last October 2017, following publication of Mr Justice Murray’s Review of the Law on the Retention of and Access to Communications Data, which found that many features of the 2011 Act are precluded by EU law. The Irish High Court also recently held, in Dwyer v Commissioner of An Garda Siochána [2018] IEHC 685; [2019] IEHC 48, that certain sections of the 2011 act are incompatible with EU law.


Continue Reading Government publishes legislation programme for Summer 2019

Photo of Conor McEneaney

The Scottish Courts have given an interesting decision in relation to IT contracts, relating to the allocation of delivery risk between supplier and customer and the importance of doing what it says in the contract.

In David MacBrayne Limited v Atos IT Services (UK) Limited (2018), Atos, a supplier, had entered into an agreement with

Photo of Davinia Brennan

The Law Reform Commission has published an Issues Paper on Privilege for Reports of Court Proceedings under the Defamation Act 2009. The Paper examines and make recommendations on whether changes should be made to the Defamation Act 2009 relating to absolute privilege for reports of court proceedings. Section 17 of the Defamation Act 2009 currently provides that there is absolute privilege (i.e. complete immunity) from a defamation action where the claim is about a “fair and accurate report of proceedings” heard in any court in Ireland, Northern Ireland, or certain European and international courts.

Continue Reading Reports of court proceedings in blogs and social media may no longer be immune from defamation claims

Photo of Daniel Harrington

The Minister for Communications, Denis Naughten, has confirmed that plans to appoint a Digital Safety Commissioner for Ireland (DSC) will go ahead in 2018. The DSC will act as an ‘Internet regulator’, with powers of enforcement and responsibility for a ‘notice and takedown’ regime, to ensure the online safety of Internet users.

Continue Reading Digital Safety Commissioner to be appointed in 2018

Photo of Chris Stynes

On 26 July 2017 the Court of Justice of the European Union (CJEU) delivered its Opinion that the draft Passenger Name Record (PNR) Agreement between the EU and Canada is not compatible with the EU Charter of Fundamental Rights (the Charter) and may not be concluded in its current form. The Opinion follows a referral by the European Parliament to the CJEU and is the first time the Court has been requested to examine the compatibility of an international agreement with the EU Charter.

Continue Reading EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights

Photo of Chris Stynes

The Article 29 Working Party (WP29) has recently provided its Opinion 2/2017 on data processing at work. The Opinion, adopted on 8 June 2017, highlights the risks and challenges of processing employees’ personal data in light of new technologies. While the Opinion focuses on the current data protection regime, it also considers some of the obligations arising under the General Data Protection Regulation (GDPR) from 25 May 2018.

Continue Reading Article 29 Working Party Opinion on Data Processing at Work

Photo of John Cahir

The Court of Justice of the European Union (CJEU) has handed down a reference for a preliminary ruling in Case C-610/15 (Stichtin Brein v Ziggo BV, XS4ALL Internet BV), holding that making available and managing an online platform for sharing copyright-protected works may constitute an infringement of copyright.

Continue Reading CJEU issues ‘The Pirate Bay’ judgment

Photo of Davinia Brennan

The Article 29 Working Party (WP29) (consisting of data protection regulators from the 28 Member States) has adopted an Opinion 01/2017 on the proposed e-Privacy Regulation, which will repeal and replace the e-Privacy Directive. Whilst the WP29 welcomes the proposal, it identifies several points of concern, and sets out how the proposal can be improved.

Continue Reading WP29 gives lukewarm welcome to proposed e-Privacy Regulation

Photo of Davinia Brennan

In Rolf Anders Daniel Pihl v Sweden, the European Court of Human Rights (ECHR) agreed with Swedish authorities that a non-profit association was not liable for anonymous defamatory comments posted on its blog. The ECHR held that the Swedish authorities’ refusal to hold the owner of the blog liable for the anonymous defamatory online comment did not violate the European Convention on Human Rights (the Convention).

Continue Reading Blog owner not liable for anonymous defamatory online comments