Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission
Press Release - 04 September, 2001

Privacy Safeguards are Vital for e-Commerce says Data Protection Commissioner

Annual Report for 2000 published

"Respect for the fundamental human right to privacy and data protection is the key enabler of e-Commerce and e-Government," said Data Protection Commissioner Joe Meade today [Tuesday 4th September 2001] at the publication of his Annual Report for 2000. "These initiatives simply have to be built upon public credibility and assurance about the right to privacy. This assurance is exactly what data protection law provides."

REACH Initiative: Electronic Government

The Commissioner welcomed the Government's REACH initiative, to deliver public services electronically, and share personal data within the State sector, saying that this initiative "is capable of respecting people's privacy and data protection rights." However, the Commissioner laid down firm privacy guidelines, and emphasized that participation in REACH should be voluntary. "No-one should have their details loaded on the REACH database without their full and informed consent," said the Commissioner. [see p. 39 of Report.]

Unsolicited Direct Marketing

The Commissioner called for Government agencies to take a "common, coherent approach" to the question of direct marketing and the right to privacy. A number of different initiatives are now underway in this area, including:

  • the main Data Protection Directive (currently being considered by the Department of Justice, Equality and Law Reform), which requires "unambiguous consent" before direct marketing can proceed
  • the provisions limiting the use of the electoral register for direct marketing, contained in the Electoral (Amendment) Bill, 2000 (brought forward by the Department for the Environment and Local Government)
  • the provisions of the 1997 Telecommunications Directive (now being considered by the Department of Public Enterprise), which allow for either an "opt-out" or "opt-in" system for consenting to unsolicited telephone marketing calls, and
  • the provisions of the 2000 E-Commerce Directive, currently being considered by the Department of Enterprise, Trade and Employment, allowing for a possible "opt-out" register for unsolicited commercial e-mails.

The Commissioner commented: "Opt-out registers might be useful in some circumstances – but if individuals have not given their unambiguous consent to receive unwanted phone calls or spam e-mail, then direct marketers will have problems under data protection law. It is therefore advisable for the different Government agencies to come together on this topic, and adopt a common, coherent approach, which respects the fundamental right to privacy. " [see page 5 of Report]

[Note for editors: An "opt-in" register allows people to indicate that they consent to receiving direct marketing – sometimes called "active consent". An "opt-out" register allows people to indicate that they object to receiving direct marketing – sometimes called "passive consent".]

Case Studies

The Annual Report details a number of investigations carried out by the Data Protection Commissioner during 2000. These include:

  • The Department of Education & Science – the Commissioner found that the way in which the Department used the payroll database, to withhold pay from teachers engaged in industrial action, was wrong [see page 24 of Report]
  • Eircom – a mailshot to ex-directory subscribers, proposing to disclose some of their details to other telecommunications companies, was criticized by the Commissioner
    [see page 30 of Report]
  • Irish Credit Bureau (ICB) – the Commissioner has disallowed the practice of disclosing "close matches" for credit referencing. Under this practice, the ICB, when asked by a bank for the credit history of a named individual, gave the credit history of a number of different individuals of similar name or address. In disallowing this practice, the Commissioner called on financial institutions to make better efforts to identify customers and establish their proper address. [see page 28 of Report]
  • Laser Cards – The Commissioner found that the printing of customers' addresses on Laser Card receipts was in breach of data protection law. The financial institution involved in this case took prompt steps to correct this matter.
    [see page 32 of Report]
  • An Garda Síochána – An individual complained that the Gardaí had not responded properly to an access request. While there were some inaccuracies in the details kept about the individual on the Criminal Records Database, the Data Protection Commissioner did not uphold the complaint that the Gardaí had failed to respond promptly to the access request.
    [see page 22 of Report]

Enquiries and Complaints

The Data Protection Commissioner noted that the number of enquiries with his Office rose from 2,200 in 1999 to over 3,100 in 2000 – an increase of over 40%. Many of these requests concerned credit ratings, direct marketing, and access requests. Companies contacting the Commissioner's Office also queried the new data protection legislation and the process of registration under the Act. [see page 10 of Report]

The number of formal complaints in 2000 rose to 131, compared with 105 in 1999 – an increase of 25%. Most complaints involved organizations in the telecommunications and IT sectors, financial institutions, direct marketing companies and public services. The Commissioner noted that the backlog of cases on hands was still increasing, and this – together with the increasing complexity and sophistication of issues – had obvious implications for the level of staffing in his Office. [see page 11 of Report]

[Note: The Annual Report is available for download in PDF version from the Data Protection Commissioner's website]

Media Queries:
Mr Ronnie Downes
Asst Commissioner
Telephone (01) 874 8544
Fax: (01) 874 5405

e-mail: rdownes@dataprivacy.irlgov.ie