Under Section 26 of the Data Protection Acts 1988 and 2003, an appeal before the courts is provided for against a decision of the Data Protection Commissioner in relation to a complaint under Section 10(1)(a) of the Acts. The scope and applicable review standard for such an appeal was one of two key issues which came before the Supreme Court in the recent case of Nowak v. The Data Protection Commissioner (Judgment of O’Donnell J delivered on 28th April 2016).Continue Reading Nowak v. The Data Protection Commissioner: Data subjects’ right of appeal and testing the boundaries of “personal data”
The Office of the Data Protection Commissioner (ODPC) has contacted Dublin City Council in relation to its data protection concerns surrounding the City Council’s new anti-litter poster initiative. As part of the initiative the City Council had erected a billboard in the north inner city featuring CCTV images of 12 people who appear…
In advance of the forthcoming Dáil elections, the Office of the Data Protection Commissioner (ODPC) has issued guidance to candidates for election and their representatives on canvassing, data protection and electronic marketing (the Guidance). Publication of the Guidance follows the ODPC’s previous efforts to boost awareness of individuals’ privacy rights in this …
In its ongoing effort to raise awareness of individuals’ privacy rights, the Office of the Data Protection Commissioner (ODPC) has published a press release on their website on the "Electoral Register and ‘Opting Out’ of the Edited Register".
Every year, the Department of the Environment, Community and Local Government encourages individuals to register to vote or to check that their details are up to date on the Electoral Register in advance of the 25 November deadline. In line with publicising such rights, the ODPC wishes to draw attention to the Edited Electoral Register and how it relates to direct marketing. Continue Reading ODPC Raises Awareness of Right to Opt-Out of the Edited Electoral Register
On 1 October, the Court of Justice of the European Union (CJEU) handed down its judgement in the Weltimmo case (Case C‑230/14), a decision which could have important ramifications for the data protection obligations of companies operating across multiple EU member states. The CJEU effectively held that where a company has a representative in a country and operates services directed at that country, the company can be held accountable by that country’s data protection authority despite not being formally established in that country.Continue Reading CJEU publish important decision on territorial application of data protection law
As has been reported widely in the world media, the Court of Justice of the European Union (CJEU) this week declared the EU-US Safe Harbour regime to be invalid. The decision has understandably given rise to a lot of concern among European businesses that transfer data to the US.
In this blog post, we seek to answer the main questions that are being asked following the CJEU ruling. Continue Reading Data in Disarray: The Aftermath of the Safe Harbour Decision
The Data Protection Commissioner, Helen Dixon, spoke at the Society for Computers and Law’s ‘The Evolution and Reform of Data Protection’ event this morning. The Commissioner gave an overview of the activities of the Office of the Data Protection Commissioner (ODPC) in 2014 and set out the aims of the ODPC for the year ahead.Continue Reading Data Protection Commissioner reviews 2014 and sets out plans for 2015
There has been much debate during 2014 about the effectiveness of the US Safe Harbour regime. Many EU commentators have queried its effectiveness, pointing in particular to the lack of enforcement over the years by the Federal Trade Commission (FTC), the body which effectively is charged with dealing with complaints that companies are not in compliance with their public representations of adherence to the Safe Harbour principles.
Continue Reading SnapChat Signs Up to 20 Years of Data Protection Audits
On November 23rd, Symantec, the American antivirus company, announced the discovery of a piece of software called Regin, which it had found lurking on computers and stealing data in Ireland, Russia, Saudi Arabia and several other countries. Its sophistication and stealth led Symantec to conclude that it must have been created by a nation-state.
According to a survey recently published by Microsoft, a large proportion of Irish people think that online privacy is important and that people should not need to give up privacy and freedom for safety from crime and terrorism.
The survey published by Microsoft, and carried out by Amárach Consulting, focused on Irish peoples’ attitudes toward online and digital data privacy and security. Microsoft commissioned the survey as part of its on-going legal challenge to a US warrant which compels Microsoft to produce data held in a Microsoft data centre in Dublin. Continue Reading How important is online privacy?