The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission


Case Study 1/02 Motor Insurance
I received a complaint about a practice among motor insurance companies of asking applicants an excessive number of questions. The complainant considered that some questions had no relevance, in particular the one relating to marital status. He was of the opinion that the information sought had more to do with customer profiling than assessing insurance risk.
view more

Case Study 2/02 International Bank Recording of Telephone Calls
International Bank-recording of telephone calls. I received a complaint from an individual who stated that in the course of her employment for a particular company she received a telephone call from one of the major international banking organisations based in Ireland.
view more

Case Study 3/02 Gardai - Inappropriate Data on “Pulse system”
Gardai- Inappropriate data on “Pulse system” -data deleted when access request received- not fair to person- could frustrate the provisions of the Act A person contacted my Office as she believed that An Garda Síochána were holding data about her on their “PULSE” database which was untrue. The complainant had made an access request to An Garda Síochána under section 4 of the Act but she did not believe that this request had been complied with as she believed that certain details had not been furnished to her.
view more

Case Study 4/02 Data Protection in the Telecommunications Area
Data protection in the telecommunications area- automated telephone marketing - political canvassing- text messages to mobile phones-national opt out register EU Directive 97/66 stipulates the data protection standards that must apply in the case of public telecommunications networks including issues of security, privacy and direct marketing. It was transposed by Regulations into Irish law with effect from 8th May 2002.
view more

Case Study 5/02 Telephone Company
Alleged disclosure of customer call related information at the request of the Gardai - Information Notice issued. A journalist complained to me that she had requested from her telephone service provider a list of all the individuals who had made enquiries in relation to her mobile telephone account and that in response she had been given a printout of all the requests and enquiries which she herself had made.
view more

Case Study 6/02 Women's Mini- Marathon
Women's Mini- Marathon -unauthorised and incompatible disclosure-Internet photographs-informed consent. I received a complaint from a mother who took part in the Women's Mini-Marathon in June 2002 with her fourteen year old daughter. Her daughter subsequently received a letter in July 2002 from a UK company offering her photos of herself taken on the day of the marathon. The photos also appeared on the company's website.
view more

Case Study 7/02 Spanish Apartment Purchase
Spanish apartment purchase - Disclosure of Data to Third Party without consent- well meaning intention not good enoughI received a complaint from an individual who had purchased a property in Spain. The individual had subsequently received two letters to his home address advertising a furniture service. The complainant discovered that the furnishing company had obtained his details from the property agent.
view more

Case Study 8/02 Department of Defence
Department of Defence -deafness compensation data supplied to another Department- unauthorised disclosure- good intentions but anti-fraud measures must respect prejudice test of data protection law-Government is not a single data controller I received a complaint from a serving member of the Defence Forces who had obtained damages arising out of a civil action taken by him against the Minister for Defence regarding a deafness complaint.
view more

Case Study 9/02 Details of Other Bank Account Holders
An individual complained to my Office in relation to her bank account as she was concerned about the accuracy and security of the information held and the potential disclosure of her details to other account holders, as there appeared to be confusion regarding her account and that of another account holder of the same name.
view more

Case Study 10/02 Aer Rianta
Inappropriate Use of the Personal Public Service Number (PPSN). My office received complaints from a number of taxi drivers who had been operating from Dublin Airport for many of years. Their complaints related to the Application Form issued by Aer Rianta for a permit to operate a taxi service from Dublin Airport, which asked interalia for the applicants' Personal Public Service Number (PPSN).
view more

Case Study 11/02 Pharmacist
Disclosure of sensitive prescription information - notifiable diseases and public health interests - issue of consent A pharmacist contacted my Office seeking advice in relation to correspondence he had received from the Director of Public Health, Eastern Health Authority regarding a proposed scheme for pharmacists to assist in the surveillance of Tuberculosis. Pharmacists were asked to submit a form which detailed personal information of patients using
view more