Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

 

 

 

 

Media Release

Embargo 16 May 2007 - 10.00 am

 

 

                               Annual Report for 2006 published

 

The need to find a balance between the demands of security, crime prevention and legitimate commercial interests, on the one hand, and the individual's right to privacy, on the other were increasingly on the data protection agenda in 2006 whether in a domestic or international context.  This need to find the appropriate balance formed a backdrop to the work of the Office of the Data Protection Commissioner during 2006.  In a wide ranging report on his Office's activities for 2006 the Commissioner has focused on:

 

?        The gradual erosion of the individual's private space and the need to address this through an emphasis on the right of the individual to choose what personal information s/he discloses and to have some control over how it is used;

?        The increased use of his legally given enforcement powers to protect and promote the interests of data subjects;

?        The raised public profile of the Office of the Data Protection Commissioner and the resulting higher level of public awareness of their rights under the Data Protection Acts;

?        His Office's ongoing efforts to foster a solution-orientated cooperation with Government and industry to encourage policies, proposals and systems that respect individuals' data protection rights;

?        Meeting the privacy challenges posed by rapidly evolving technologies, not least by drawing public attention to the potential implications of sharing information on certain media including social networking sites on the internet;

?        Encouraging a standards-based approach to data protection and the development of codes of practice within particular industries and public bodies;

?        Meeting the challenges and opportunities created by the decentralisation of his Office to Portarlington in December 2006

 

The Commissioner has also taken the opportunity to highlight his engagement with Government on a variety of issues.  These included sometimes difficult but ultimately fruitful negotiations on the processing of data in the context of the Nursing Home (Repayments Scheme) Act 2006 and the points which he raised in the context of a query on the electoral register (an intervention that prompted some comment at the time).

 

The Commissioner also provides an update on the actions which he has taken since the airing of a Primetime programme last December on the alleged passing of information between mortgage brokers and estate agents.

 

Complaints Investigated

 

The Commissioner's Report gives details of a number of his investigations into the use of personal data and presents them as case studies in his Annual Report. Among the issues considered by the Commissioner during 2006 were:

 

?        Unsolicited direct marketing and the sanctions available to the Office to address intrusive practices including contact he had with the telecommunications companies Opera Telecom, Talk Talk, Newtel, Gaelic Telecom and Global Windows and Home Improvements;

?        Some interesting cases which he had to decide on in relation to the obligation on the media to respect their data protection obligations and the limits of the applicable public interest exemption in this area under the Data Protection Acts;

?        The gathering of excessive personal data by both public and private bodies including Ulster Bank;

?        The failure during the reporting period of the leading computer manufacturer DELL to properly ensure that its direct marketing practices were fully compliant with the Acts particularly in relation to recording individual's preferences not to receive any further material;

?        The failure by Caredoc (a medical facility in Carlow) to comply with a request for access to a child's personal data;

?        The failure of the Barcode Night Club of WestWood Club in Clontarf to comply with an access request for CCTV footage; and

?        The use of the powers of the Office of the Data Protection Commissioner to oblige Ashbury Taverns of Wexford to comply with an access request.

 

Enquiries and Complaints

 

The Office of the Data Protection Commissioner received over 20,000 enquiries during the year while its website, www.dataprotection.ie, was accessed over 69,000 times from Ireland.

 

The Office concluded 535 formal complaints in 2006 while 658 new complaints were received (300 in 2005). This very large increase in the numbers of complaints received was to some extent accounted for by increased complaints of breaches of the Privacy in Electronic Communications Regulation (SI 535 of 2003) which relate mainly to cold calls at home and unsolicited text messages to mobile phones.  This category of complaints accounted for (39%) of all complaints received followed by access rights (28%), disclosure (11%), direct marketing (6%) and accuracy of information (5%).  65% of the complaints received in 2006 were settled informally, 7% were upheld or partially upheld and 28% were not upheld. 

 

Guidance

The Commissioner's report includes guidance on particular issues of concern to members of the public who have contacted his Office.  These include:

 

?        Mobile telephone companies and requests from local authorities for customer data;

?        The use of publicly available data for direct marketing purposes;

?        The use of electronic mail for direct marketing purposes; and

?        The outsourcing of ICT projects and the hosting of patient files in the health sector.

 

Work Programme

The Commissioner has also used the opportunity presented by the Annual Report to outline the work programme for his Office for 2007.  This programme includes his continued efforts to finalise a number of codes of practice to assist in the sectoral understanding of data protection obligations (including with An Garda Siochána and the insurance sector).  He has also alluded to his ongoing crackdown on the problems posed by unsolicited texts messages to mobile phones and his intention to continue to work hard to integrate privacy at the initiation stage in relation to new proposals and technologies.

 

 

[Note:  The Annual Report is available for download in PDF version from the Data Protection Commissioner's website:    www.dataprotection.ie]

 

Media Queries              Mr. Diarmuid Hallinan

 

Telephone                    (057) 868 4800

Fax                              (057) 868 4757

Email                            dphallinan@dataprotection.ie

Website                        www.dataprotection.ie