Photo of Charlotte Turk

The UK Information Commissioner’s Office (ICO) has amended its guidance on the time limit for responding to a subject access request (SAR).

Under Article 12 GDPR, a data controller must respond to a SAR “without undue delay and in any event within one month of receipt of the request.” This can be extended by a further two months if the request is complex or a number of requests have been made by the data subject.


Continue Reading ICO clarifies time limit for responding to subject access requests

Photo of Caoimhe Bourke

On Friday 16 August 2019, the Data Protection Commission (DPC) published its findings on certain aspects of the Public Services Card (PSC). The DPC found that seven out of eight of its findings were adverse to the positions advanced by the Department of Employment and Social Protection (DEASP) and that there is and has been non-compliance with the applicable provisions of data protection law.

Continue Reading DPC Publishes Statement on the Public Services Card

Photo of Neasa Ni Ghrada

The General Data Protection Regulation (GDPR) will automatically come into force across the EU on 25 May 2018. As the deadline fast approaches, Member States are busy progressing their draft implementing legislation. Article 23 of the GDPR provides Member States with discretion over how certain provisions will apply. These proposed derogations to the GDPR have been a focus point for many commentators on the draft national legislation.

Continue Reading UK Government sets out proposed derogations under GDPR

Photo of John Cahir

News reports have confirmed that on Wednesday 26 July, after a public consultation period on the issue, the Irish Government have agreed to set the digital age of consent at 13 years of age. Article 8 of the General Data Protection Regulation (GDPR) provides that a child under the age of 16 cannot consent to

Photo of Chris Stynes

On 26 July 2017 the Court of Justice of the European Union (CJEU) delivered its Opinion that the draft Passenger Name Record (PNR) Agreement between the EU and Canada is not compatible with the EU Charter of Fundamental Rights (the Charter) and may not be concluded in its current form. The Opinion follows a referral by the European Parliament to the CJEU and is the first time the Court has been requested to examine the compatibility of an international agreement with the EU Charter.

Continue Reading EU-Canada Passenger Name Records Agreement declared incompatible with EU Fundamental Rights

Photo of Laura Scanlan

The UK Information Commissioners Office (the ICO) has released an International Strategy (the Strategy) in which it outlines its plans for 2017 – 2021 to deal with the data protection challenges presented by globalism, the GDPR and Brexit. The Strategy which can be read in full here is the first with an international emphasis released

Photo of Chris Stynes

The Article 29 Working Party (WP29) has recently provided its Opinion 2/2017 on data processing at work. The Opinion, adopted on 8 June 2017, highlights the risks and challenges of processing employees’ personal data in light of new technologies. While the Opinion focuses on the current data protection regime, it also considers some of the obligations arising under the General Data Protection Regulation (GDPR) from 25 May 2018.

Continue Reading Article 29 Working Party Opinion on Data Processing at Work

Photo of Neasa Ni Ghrada

In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this

Photo of Davinia Brennan

In Barbulescu v Romania, a case concerning employees’ right to privacy, the European Court of Human Rights (ECHR) held that an employer could monitor and access personal messages sent by an employee during work hours from his Yahoo Messenger account. The decision, however, is not a precedent for unrestricted monitoring by employers of personal messages sent by employees during office hours.


Continue Reading ECHR rules employer can monitor personal messages sent by employee