Data Protection: The Law

EU & Irish Legislation
• Data Protection Directive 95/46/EC
• Electronic Privacy Directive 2002/58/EC
• EUROPOL etc
• Data Protection Acts 1988 & 2003
• EC Electronic Privacy Regulations 2003 (SI 535/2003)
• Corresponding Acts
• Good Friday Agreement
• Disability Act 2005

The Data Protection Rules (Directive 95/46 & Data Protection Acts)
1. Fair obtaining & processing
   • Consent
2. Specified purpose
3. No disclosure
   • unless “compatible”
4. Safe and secure
5. Accurate, up-to-date
6. Relevant, not excessive
7. Retention period
8. Right of access

Definitions (1)
• Personal Data: Any data relating to a living identifiable individual
• Data: Automated data or structured manual data
• Manual Data: Structured by reference to individuals in a way that makes data readily accessible

Definitions (2)
• Data Controller: A person who controls the contents and use of personal data
• Data Processor: A person who processes personal data on behalf of a data controller

Definitions (3)
• Data Subject: An individual who is the subject of personal data
• Processing: Anything done with personal data, from collection to disposal

Sensitive Data (special protection)
• Physical or mental health
• Racial origin
• Political opinions
• Religious or other beliefs
• Sexual life
• Criminal convictions
• Alleged commission of offence
• Trade Union membership

Using Sensitive Data
EXTRA conditions: S.2B (one only is needed)
1. explicit consent
2. necessary under employment law
3. non-profit body (political, philosophical, religious, trade-union) – its members / clients
4. necessary for medical purposes (contd)

Using Sensitive Data
EXTRA conditions: (one only is needed)
5. necessary to protect vital interests
6. necessary for legal advice / legal claim
7. for electoral purposes
8. for substantial public interest
1. as prescribed by Minister

Genetic Testing
• Disability Act 2005 (Part 4):
   • Informed consent of data subject required
   • Prohibited in relation to insurance policies, pensions, and mortgages
   • Subject to DPC prior approval in relation to employment

Electronic Communications (SI 535/2003)
• General DP Principles apply
• Telecom-specific:
   • ‘Cookies’ on PCs
   • Caller ID (phones)
   • Location Data (mobiles)
   • Directories
   • ‘SPAM’
   • Data Retention
   • ‘Cold Calling’ opt-out

North/South Bodies
• S 31, British-Irish Agreement Act, 1999:
   • Irish DPC responsible for Bodies established in Republic
   • UK Information Commissioner responsible for Bodies established in Northern Ireland

DP/FOI Access to Personal Information
• DP and FOI Acts reinforce one another in relation to personal access in the public sector
• Defending access to personal information as human (DP) and citizen (FOI) right
• 3rd Party Access restricted under both Acts
• FOI access to personal information should sometimes prevail in the public interest

Access right: DP v FOI
• FOI - Public Interest (s 28(5)(a)) when “on balance, the public interest that the request should be granted outweighs the public interest that the right to privacy of the individual to whom the information relates should be upheld”
• Information Commissioner: Case No 99001 - “the protection of personal privacy afforded by s.28 exemption is intended to be a strong one”

DP and FOI
• A right conferred by the Data Protection Act shall not prejudice the exercise of a right conferred by the Freedom of Information Act 1997.
• The Commissioner and the Information Commissioner shall, in the performance of their functions, co-operate with and provide assistance to each other (DP Act 2003)