Data Protection Commissioner
Data Protection Commissioner

Press Release - 09/01/2001

What's New - Data Protection News and Website Updates

Data Protection Commissioner Requires Telecommunications Industry and Internet Access Providers to Register
In an important move to underpin individuals' privacy rights, the Data Protection Commissioner, Mr Joe Meade, today signed an order requiring all telecommunications companies and internet access providers to register with his office under the Data Protection Act, 1988.

Since the deregulation of the telecommunications industry a large number of companies have been licenced under section 111 of the Postal Telecommunications Act, 1983. However, there has been no legal requirement on such companies to register for the purposes of data protection law.

In addition, a new type of business which has developed in recent years is the provision of internet services. Such companies, known as Internet Access Providers (IAPs), provide a connection to the Internet to individuals. As with the telecommunications sector there has been no requirement on IAPs to register with his Office.

It is the Commissioner's view that, given the extensive databases which telecommunications companies and IAPs hold and the sensitive and personal nature of much of the data which they hold, all such companies should be registered.

The Commissioner today, with the consent of the Minister for Justice, Equality and Law Reform, John O'Donoghue, exercised his powers under the 1988 Act to make Regulations, known as the "Data Protection (Registration) Regulations, 2001", which require all telecommunications companies and internet access providers to register with effect from 10 January, 2001. This new measure will ensure that all internet access and telecommunications companies, who keep personal data about individuals, are seen to meet their privacy and data protection responsibilities in a transparent manner.

Commissioner Meade expressed confidence that this new legal requirement should be seen as enhancing Ireland's e-commerce environment -- particularly in the sensitive area of personal privacy.

Who Is Covered by the New Regulations?

The new regulations apply to -

all "telecommunications service providers", i.e. persons holding licences under section 111 of the Postal and Telecommunications Services Act, 1983, as amended by the European Communities (Telecommunications Licences) Regulatuions, 1998, and who hold personal data about individuals who use their services; and

all "internet access providers", i.e. persons who are wholly or partly in the business of providing individuals with access to the internet, and who hold personal data about these individuals.

The Regulations do not apply to --

  • internet service providers who provide web-hosting services for clients
  • internet service providers who provide internet access to corporate clients, as distinct from individuals
  • internet service providers who allow individuals access the internet, but who do not keep any personal data about such individuals
  • internet cafés which do not retain personal data about individual users of their services
  • telecommunications licence-holders whose business relates only to the telecommunications infrastructure, as distinct from the services delivered over that infrastructure, and who therefore do not hold personal data about individuals users of telecommunication services

-- unless, of course, any such internet service providers or telecommunications licence-holders come within the scope of the Regulations, by virtue of other services which they provide.

LINK» more about registration under the Data Protection Act, 1988
text of the new Regulations