The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

EMBARGO 8TH  MAY 2008 - 11.00 am

Data Protection Commissioner launches his Annual Report for 2007

The Data Protection Commissioner launched his report for 2007 today.  He has emphasised the responsibility of public and private sector organisations to respect the privacy of those who entrust them with their personal information.  Equally the Commissioner has also drawn attention to the need for an appropriate balance to be struck between the ever increasing desire to seek the personal data of all of us as part of the security agenda and the individual's right to privacy.  In this respect he raises the question, "Have we not succumbed to terror and submitted to extremism when we loose the liberty to live our lives without constant intrusion by the State in the name of security?"

Enquiries and Complaints
During 2007 the Office of the Data Protection Commissioner opened 1,037 new complaint investigations, up substantially from 658 in 2006. This very large increase in the number of complaints relates in part to an increase in complaints in relation to unsolicited text (SMS) messages.  The Report updates on the actions which the Commissioner has taken to address this issue.  He currently has more than 350 prosecutions before the Courts in this area.  These prosecutions follow strong action taken by the Commissioner who sent teams of investigators into the premises of those involved to collect evidence.  The Commissioner has increasingly made use of his powers to send his officers into premises which contain personal data without notice to ensure that data protection requirements are being met.

The Report updates on the Commissioner's actions in relation to the issue of unauthorised access to personal data in the public sector, a large number of complaints received in relation to the marketing practices of Sky and also includes case studies of a number of specific investigations into the use of personal data including:

· The use made by Baxter Healthcare of two medical reports relating to a former employee;
· The inappropriate use of CCTV footage by the West Wood Club in Sandymount  and covert CCTV by the Gresham Hotel in Dublin;
· Suspension of the operations of a cold-call marketing operation by Newtel communications;
· Inappropriate disclosure of employee information by Aer Lingus;
· A very serious case of inappropriate access to personal information held by the Revenue Commissioners;
· The failure to supply a reasonable means for opting-out from email direct marketing by Ryanair.
· Extensive engagement with Eircom following the receipt of a large number of complaints in relation to unwanted marketing telephone calls.  This resulted in a €35,000 donation by Eircom to charity to resolve the complaints
· Excessive information of local residents retained by Croke Park
· Unsolicited email marketing by Tesco arising from technical difficulties

In addition to actual formal complaints received and progressed, the Office dealt with approximately 20,000 telephone enquiries together with over 4,000 email enquiries and a smaller number of enquiries by post.

Other Activities
In a wide ranging report on his Office's activities for 2007 that reflects the variety of issues the Office is called upon to address, the Commissioner also focuses on:
· The benefits that flow from an increasing awareness of privacy and data protection issues on the part of members of the public, the media and institutions holding our data;
· The occasions when he was obliged to resort to the use of his legal powers to protect and promote the interests of data subjects;
· The responsibility of private sector organisations to protect the personal data of their customers and clients;
· Breach notifications as an example of good practice;
· Developing codes of practice within particular sectors and public bodies to allow a better understanding of data protection requirements among those entrusted with personal data;
· The continuing challenges posed by new technology and the use made of the internet.

The Commissioner has taken the opportunity to highlight his engagement with Government on a variety of issues including the proposed DNA database, the intention to introduce what is known as an "eBorders" system to track all of our movements as we enter and leave the country and a very satisfactory outcome in terms of ensuring that the planning system respects privacy while maintaining transparency.

The Report also includes for the first time an unscientific list of the top ten threats to privacy as identified by the staff of the Office of the Data Protection Commissioner.  This list, which is by no means authoritative, is intended to provoke discussion of privacy issues.

[Note:  The Annual Report is available for download in PDF version from the Data Protection Commissioner's website at the link below:    Annual Report 2007]

Media Queries   Diarmuid Hallinan

Telephone   (057) 868 4800
Fax        (057) 868 4757
Email       dphallinan@dataprotection.ie
Website  www.dataprotection.ie