The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission


Criminal conviction struck out but details remained on Garda records – accuracy and retention of data – policy issues arising

Some years ago a young man was convicted of a minor offence. He appealed the sentence, and the Probation of Offenders Act, 1907, was applied. This meant that his conviction was struck out and, for example, could not be mentioned if he were later prosecuted for something else.

This man intended to emigrate and needed a statement of character from the Garda Síochána. He made an access request to them under section 4 of the Act. When they responded to his request, he was disturbed to find that the original conviction was shown on his record.

In the event this did not cause the man a difficulty because when he explained to the Gardaí what he needed, they were able to give him a "Character Reference for Emigration" which showed, correctly under the terms of the Probation of Offenders Act, that he had no recorded convictions. However, he contacted my Office to express his concern that details of his original conviction were still kept on computer by the Gardaí.

There was no contravention of the Data Protection Act by the Gardaí in this case. Their criminal records files were accurate (section 2 (1) (b)) in showing that the man had once been convicted for a criminal offence. They had not kept the information longer than was necessary for the purpose or purposes for which it had been obtained (section 2 (1) (c) (iv)) since Ireland, unlike many other countries, has no legislative provision for "spent" offences which are no longer kept on record after a specified period of time.

However, I believe that this case raises two important issues. The first is a general one. There is, in my view, a major qualitative difference between the recording of information about people on paper and keeping it on computer. Computerised information is much easier to access, retrieve and disseminate, and the principles of fairness and transparency that underlie the Act therefore require that serious thought be given to procedures for obtaining, keeping and using it. This is especially true of the more sensitive kinds of information, such as conviction data.

The second issue follows from the first, and relates specifically to criminal records. There is, as I mentioned, a requirement in the Data Protection Act that information shall not be kept for longer than is necessary for the purpose for which it was obtained. The indefinite retention of information about minor convictions – or, as in this case, information about a conviction which has legally ceased to exist – does not appear to accord with the spirit of that requirement. But since Irish legislation makes no provision for "spent" convictions, the Gardaí have no guidance on how long they should retain such records. The issue that arises here comes down to the balancing of law enforcement needs with the privacy interests of the individual, taking account of the realities of information technology. This is a balance to be decided by the legislature. However, I am concerned that the administrative decision to computerise Garda records may bring with it consequences for individual citizens which have not yet been considered by the Oireachtas. I believe it is in keeping with the spirit of the Data Protection Act for me to raise this issue in my Report, and recommend that it be given consideration by the appropriate authorities.