Data Protection Overview

“Data protection is about your fundamental right to privacy”

Billy Hawkes, Data Protection Commissioner

It’s all about the information! The power of information cannot be underestimated and as result organisations want access to as much of it as possible so, as in the case of commercial organisations at least, to better target their markets and increase profits. Coupled with the advances in technology in the last couple of decades this means that personal information held by companies and other organisations can be accessed within seconds.

While it is important that these organisations have access to this data to help provide better services it is vitally important to ensure that any and all personal data is protected and not misused.  The privacy of the individual should be of the utmost consideration when working with this data. With guidance from Europe and as a result of these concerns regarding the right to privacy of the individual, the Data Protection Acts of 1988 and 2003 were enacted.

Just as the Data Protection Act of 1988 came about as a result of a 1981 Council of Europe convention which had to be implemented (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Treaty 108)) so too is the Data Protection (Amendment) Act 2003 a result of a European Directive:

European Data Protection Directive 95/46/EC (Article 1), states:
“In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons and in particular their right to privacy with respect to the processing of personal data.”

This directive also stated that each member state should have the required legislation enacted within three years. As this directive was issued in 1995 it took infringement procedures taken by the European Commission against Ireland to eventually get the Data Protection Act (Amendment) 2003 enacted.

The long Title of this Act is as follows:

“ An Act to give effect to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, for that purpose to amend the Data Protection Act 1988 and to provide for related matters. [10th April, 2003]”

Data Protection Commissioner

As a result of the 1988 Act, the office of the Data Protection Commissioner was established and is responsible for upholding the rights of individuals as set out in the Acts, and enforcing the obligations upon data controllers. The Commissioner is appointed by Government and is independent in the exercise of his or her functions. Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter, and take whatever steps may be necessary to resolve it.

The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as Government Departments and financial institutions.

Privacy

It is interesting to note that although data protection is about your fundamental right to privacy, as is enshrined in the Irish Constitution in Article 40.3.1:

“The State guarantees in its laws to respect, and, as far as practicable, by its laws to defend and vindicate the personal rights of the citizen.”

Constitution of Ireland, 1 July 1937

there is no definition of privacy given in the Acts, which only serves to highlight how difficult it can be to quantify. Everyone has differing values and tolerance levels in relation to privacy - what one person may consider personal and private information, another would happily announce to anyone who would care to listen.

The following are two definitions of privacy which have been put forth:

“The right to be left alone… the most comprehensive of rights and the rights most valued by civilised men”

Justice Louis Brandeis & Samuel Warren – 1890 Harvard Law Review Vol IV

“the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information”

David Calcutt QC, 1990 Report on Privacy (UK)