The Minister for Social Protection, Regina Doherty, and the Minister for Finance, Paschal Donohoe, have informed the government that provision and use of the Public Services Card (PSC), not just by the Department of Employment Affairs and Social Protection (DEASP), but by other public bodies shall continue. The DEASP has written to the Data Protection Commission (DPC) advising it of this decision. In doing so, the Government accepts that it may be necessary for the matter to be referred to the courts for a definitive decision. The DEASP intend to publish the DPC’s investigation report following further engagement with the DPC.
Continue Reading Government challenges findings of Data Protection Commission about Public Services Cards
privacy and data protection
ICO clarifies time limit for responding to subject access requests

The UK Information Commissioner’s Office (ICO) has amended its guidance on the time limit for responding to a subject access request (SAR).
Under Article 12 GDPR, a data controller must respond to a SAR “without undue delay and in any event within one month of receipt of the request.” This can be extended by a further two months if the request is complex or a number of requests have been made by the data subject.Continue Reading ICO clarifies time limit for responding to subject access requests
UK Government announces changes in law in a bid to crack down on nuisance callers

On 25 February 2015, the Department for Culture, Media and Sport announced that it is changing the laws with regard to nuisance calls.
The Information Commissioner’s Office (ICO) currently has the power to impose heavy fines of up to £500,000 on companies that make marketing calls or messages if the ICO can prove that these unwanted calls or messages caused, or had the potential to cause, ‘substantial damage or distress’. However, from 6 April 2015, this requirement will be removed, allowing the ICO to intervene in more cases and penalise those companies that are breaching the Privacy and Electronic Communications Regulations but fall below the current legal threshold. Continue Reading UK Government announces changes in law in a bid to crack down on nuisance callers
Private Investigators fined €10,500 for unlawfully obtaining personal data

Bray District Court, yesterday, fined a firm of private investigators, and its two directors, €10,500 for unlawfully obtaining personal data. The court found that the directors had used ‘subterfuge’ to unlawfully obtain the addresses of credit union clients in arrears. The directors posed as a VEC and hospital worker to obtain the information, via telephone calls, from employees at the Department of Social Protection (seven cases), and the Health Services Authority (HSE) (sixteen cases).Continue Reading Private Investigators fined €10,500 for unlawfully obtaining personal data
Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area of focus in light of the privacy implications for customers.Continue Reading Mobile Apps – Results of Global Privacy Sweep raise privacy concerns
Mobile Apps – Results of Global Privacy Sweep raise privacy concerns

The Office of the Data Protection Commissioner (ODPC) recently released the results of the second Global Privacy Sweep. Twenty-six privacy enforcement authorities, including Ireland, participated in the Sweep, which examined 1,211 apps. The theme of the Sweep, Mobile Privacy, was chosen due to many privacy enforcement authorities having identified mobile apps as a key area …
Working Party publishes statement on CJEU ruling which invalidates Data Retention Directive

The Article 29 Working Party (WP29), an independent European advisory on data protection and privacy, has published a statement in which it welcomes the ruling of the CJEU, of 8 April 2014, which invalidates the Data Retention Directive (2006/24/EC). The CJEU found that the Directive entails a wide-ranging and particularly serious interference with …
CJEU clarifies scope of right of access to personal data

The CJEU in Joined Cases C-141/12 and C-372/12 has clarified the scope of a data subject’s right of access to a copy of their personal data. The CJEU’s ruling may serve to lighten the burden of access requests on organisations. It confirms that the Data Protection Directive 1995 (the Directive) does not establish a right of access to any specific document or file in which personal data are listed or used, nor does it specify the material form in which personal data must be made accessible. Member States enjoy a margin of discretion to determine the form in which to make personal data accessible, so long as it is intelligible. Accordingly, the CJEU found that the Dutch authorities, in this case, had met their legal obligations under data protection law by extracting from the relevant documents the personal data relating to the data subject.Continue Reading CJEU clarifies scope of right of access to personal data
Google launches new European privacy removal tool

Following the recent Court of Justice decision in the Costeja case, Google launched a service last Friday that will allow European data subjects to request the removal of search results for queries that include their name where those results are "inadequate, irrelevant, or no longer relevant, or excessive in relation to the purpose for which they were processed". The request form is available online.Continue Reading Google launches new European privacy removal tool