The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission
Press Release - 30th April 2003 11.30 a.m.

People are not fully aware of their Privacy Rights says Data Protection Commissioner

Annual Report for 2002 published

"While the privacy rights of citizens and consumers are very important to them, alas they are not fully aware of them", said Data Protection Commissioner, Mr Joe Meade, today at the launch of his 2002 Annual Report. Mr Meade issued a note of concern when he outlined the detailed findings of a Public Awareness Survey that revealed that people regarded protection of personal privacy as being very important. While 39% surveyed were aware of his Office's role compared to 25% in 1997 the Commissioner is not happy with this overall level of awareness. [see pgs 45-49 of Report].

He stated that for the information society to succeed it is vital that good data protection practices are in place .He cautions that unless a proportionate response is taken for anticrime and national security measures, information sharing, surveillance and antifraud measures peoples' human right to privacy could be diminished. [see p 3 of Report].

He fears that the proposal to make the PPSN a unique health identifier number could be the start of "function creep" and the creation of a national identity number by the " back door". [see pgs 50-51 of Report].

He looks forward to implementing the Data Protection (Amendment) Act 2003 during the current year as it enhances privacy rights and extends data protection law to manual records.


The Commissioner's Report gives details of his investigations into complaints made by individuals, who were concerned about the use of computer files. He stated, in response to these investigations, that organisations must take peoples' privacy seriously as otherwise public credibility will suffer and business will be lost. Among the issues considered by the Commissioner the following raise significant privacy issues:

Banks -The Commissioner was concerned that a prominent merchant bank was recording customer phone calls in a less than transparent manner [see p24/5 of Report] while another major retail bank disclosed data relating to other account holders to a customer. In the latter case the Commissioner was far from impressed with the Bank's initial response to the customer and to his Office [see pgs35/36 of Report]

Gardai – In response to an access request the Gardai discovered that inappropriate and unnecessary personal data of a member of the public was recorded on the "Pulse" system. [see pgs 26/27 of Report] .He also investigated the concern of a journalist that the Gardai had accessed her mobile phone records without proper authority. The complex legal issues in this case are outlined in the Report [see pgs29/30of Report]

Motor Insurance – the Commissioner was not convinced that your marital status was necessary information to be requested by companies in deciding whether to grant insurance. The practice ceased after his intervention. [see p24 of Report]

Department of Defence and Army Deafness claims – The method of release of compensation awards details to the Department of Social and Family Affairs was in breach of the Data Protection Act. While the Commissioner is as anxious as anyone that anti fraud measures are taken, nevertheless Government is not a universal Data Controller and has to respect laws. Otherwise there would be no need for specific legislative measures introduced over many years to prevent "Big Brother" situations. [see pgs 32/34 of Report]

General Election Canvassing and other direct marketing methods – The Commissioner ruled that automated phone recorded messages delivered on the eve of the 2002 General Election polling day was direct marketing and as such could only be made if prior consent was received. He also stopped other automated marketing sms text and fax messages. The awareness study revealed that 60% of people detest marketing phone calls. [see pgs 27/28of Report]

Chemists and Infectious Diseases – the Department of Health and Children withdrew a circular, which required that chemists notify the Health Boards of prescription drugs issued to tuberculosis patients. While the Commissioner understands the importance from a public health perspective of having a reliable reporting system in place for infectious diseases, the law at present only requires doctors to so notify. [see p37 of Report]

Dublin Women's Mini Marathon– The organiser disclosed the database to a photographic company who put photographs on the Internet. Competitors could purchase their photographs but they were not made aware of this practice nor given an option to decline this service. The entry form has since been changed. [see pgs 30/31of Report]

Enquiries and Complaints

The Data Protection Commissioner noted that the number of enquiries with his Office increased from 2,900 in 2001 to 3200 in 2002, while the official Data Protection website, www.dataprivacy.ie, recorded approximately 20,000 'hits' during the year. The most common specific queries related to the right to access personal data; the credit reference system; and direct marketing. The Commissioner noted that the complexity of enquiries was increasing. [see pgs11/12 of Report]

The number of formal complaints concluded in 2002 was 295 as against 171 the previous year, with 182 new complaints being received (175 in 2001). Complaints mainly concerned organisations in central and local government (9%); direct marketing sector (10%); public services (17%); financial services (24%); telecommunications and IT sector (16%); health and medical sector (7%). The Commissioner indicated that 19% of complaints were upheld, 37% were not upheld, while 44% were resolved informally. [see pgs 12/14of Report]


While registrations with his office rose by 18% to 3,632 he drew attention to a bogus registration company, which was issuing notices to companies. He has referred the matter to the Gardai [see p15 of Report]

[Note: The Annual Report is available for download in PDF version from the Data Protection Commissioner's website]

Media Queries:

Mr Seán Sweeney

Telephone (01) 874 8544Fax: (01) 874 5405