Privacy

Subscribe to Privacy
Photo of Steven Craig

In Doolin v DPC [2020], the High Court held that an employer’s use of CCTV footage in an employee’s disciplinary proceedings constituted unlawful further processing. It concluded that the Data Protection Commission (DPC) had made an “error of law” in their finding that no further processing of the CCTV footage had occurred. The Court found that the CCTV footage was lawfully collected for security purposes. However, the CCTV footage was then unlawfully further processed for the purpose of the disciplinary proceedings, which was incompatible with the original purpose for which the CCTV footage was processed. The decision shows the importance of only using personal data, particularly CCTV footage, for the purpose for which it was collected.

Continue Reading Use of CCTV footage in disciplinary proceedings breached employee’s data protection rights

Photo of Charlotte Turk

The UK government has published its initial consultation response on the Online Harms White Paper (see our previous post here). The new regulatory framework proposes introducing a ‘duty of care’ on online services in respect of harmful content. The government’s initial response reports on the findings from the public consultation, and provides an indication of how the legislation will be taken forward.
Continue Reading Online Harms White Paper – UK government publishes its initial consultation response

Photo of Steven Craig

The Minister for Social Protection, Regina Doherty, and the Minister for Finance, Paschal Donohoe, have informed the government that provision and use of the Public Services Card (PSC), not just by the Department of Employment Affairs and Social Protection (DEASP), but by other public bodies shall continue. The DEASP has written to the Data Protection Commission (DPC) advising it of this decision. In doing so, the Government accepts that it may be necessary for the matter to be referred to the courts for a definitive decision. The DEASP intend to publish the DPC’s investigation report following further engagement with the DPC.

Continue Reading Government challenges findings of Data Protection Commission about Public Services Cards

Photo of Charlotte Turk

The UK Information Commissioner’s Office (ICO) has amended its guidance on the time limit for responding to a subject access request (SAR).

Under Article 12 GDPR, a data controller must respond to a SAR “without undue delay and in any event within one month of receipt of the request.” This can be extended by a further two months if the request is complex or a number of requests have been made by the data subject.

Continue Reading ICO clarifies time limit for responding to subject access requests

Photo of Caoimhe Bourke

On Friday 16 August 2019, the Data Protection Commission (DPC) published its findings on certain aspects of the Public Services Card (PSC). The DPC found that seven out of eight of its findings were adverse to the positions advanced by the Department of Employment and Social Protection (DEASP) and that there is and has been non-compliance with the applicable provisions of data protection law.

Continue Reading DPC Publishes Statement on the Public Services Card

Photo of Neasa Ni Ghrada

The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.

Continue Reading UK Government sets out proposed derogations under GDPR

Photo of John Cahir

News reports have confirmed that on Wednesday 26 July, after a public consultation period on the issue, the Irish Government have agreed to set the digital age of consent at 13 years of age. Article 8 of the General Data Protection Regulation (GDPR) provides that a child under the age of 16 cannot consent to

On 26 July 2017 the Court of Justice of the European Union (CJEU) delivered its Opinion that the draft Passenger Name Record (PNR) Agreement between the EU and Canada is not compatible with the EU Charter of Fundamental Rights (the Charter) and may not be concluded in its current form. The Opinion follows a referral by the European Parliament to the CJEU and is the first time the Court has been requested to examine the compatibility of an international agreement with the EU Charter.

Continue Reading EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights

Photo of Laura Scanlan

The UK Information Commissioners Office (the ICO) has released an International Strategy (the Strategy) in which it outlines its plans for 2017 – 2021 to deal with the data protection challenges presented by globalism, the GDPR and Brexit. The Strategy which can be read in full here is the first with an international emphasis released