Good morning ladies and gentlemen. Thank you for coming and may I wish you all the seasons greetings.
I was appointed Data Protection Commissioner in mid September 2000 having previously been Secretary General of the Office of the Comptroller and Auditor General. For the first three months of my appointment I set two key objectives
Firstly to ensure that the office would function in a satisfactory and proactive manner in ensuring that people's privacy rights were respected to the full letter of the law
Secondly to have in place by 31 December 2000 a web-site which would empower people to know more about their rights by using modern technology. I also felt that the media, data controllers and legal personnel should have ready access as to what I am about. This was necessary despite our very scarce resources (I only have a staff of 7), as in the modern era of e-Government and internet activity it is vital that this office is at the cutting edge of information provision in the rapidly changing information age society.
I am glad to say that due to the manner by which my staff responded so positively to my demands that both of these objectives have been fully met. I compliment all the staff for their efforts over the last three months but I want to pay a special tribute to Ronnie Downes who has done most of the work for our web-site. I also want to thank IBI who are our design consultants and ISP.
My first priority is to give people the tools they need to understand their own data protection rights, and then to help people in upholding those rights. The new web-site aims to answer all of the questions that people ask about their privacy, and give clear guidance on how people can protect their privacy. Separately, my Office will be engaging with the different business sectors to promote good practice, and the web-site contains detailed guidance for such data controllers.
The privacy environment for individuals is now undergoing a sea-change, with the increased popularity of web browsing and the era of e-commerce. This change involves new challenges for a privacy authority, and our new web-site is the first obvious step in rising to that challenge. While the privacy environment for the public may be changing, the common-sense principles of data protection remain constant.
The web-site to be launched is only a start and over the next few months we will expand on it and indeed improve it by
- Updating material where appropriate
- Expanding the pages by providing gui dance in various other areas such as public sector, e-commerce, employee rights etc
- Revising material when the EU directive is transposed into law in early 2001. This will also bring manual records under my domain.
- Publishing on the web-site the register of all data controllers, updated monthly - you can see that register in a few minutes.
It being an interactive web-site to people, controllers and office administration in line with the development of e-Government in Ireland.
Many people only know about this office when they personally have a complaint to make regarding an invasion of their privacy. This is not good enough, and I intend during 2001 initiating a series of data protection audits in various organisations to proactively ensure that organisations and other data controllers are adhering to their duties - this should not be seen as a threat but rather a desire on my part to assist data controllers in carrying out their responsibilities under Data Protection law. I also intend publishing in my annual report to Parliament the names of any data controllers who were in breach of data protection law or against whom I upheld complaints.
The coming year will be very busy for us as we are entering areas of extreme complexity which can affect peoples right to privacy. I need only mention the difficulties posed by the internet, the constant demand for more surveillance on people, the transflow of personal data around the world, the demands by various large organisations and government agencies in the perceived interest of efficiency or as a fraud prevention measure to share and share more data. These matters I have no problems with and I will not stand in the way of any of these initiatives provided that
- they are within the law
- they respect peoples right to privacy
- organisations are upfront as to what they are doing and the person knows exactly what is happening to any data he/she gives
- the small person's rights are respected no matter how much a large organisation may think differently or try to convince him/her that it makes life easier for them. In reality this is not the case in many instances.
I also intend to encourage organisations to adopt codes of practice and if I am happy with the codes I shall give them the effect of law by presenting them to Dáil Eireann. In this regard I compliment the Department of Health & Children for responding so positively to my suggestion to draw up a code of practice dealing with all aspects of sharing health data and my Deputy, Tom Lynch is on that working group. Likewise I will be encouraging all web-sites and ISPs to have a clear and straightforward privacy statement on web-sites. During 2001 we will also have to contend with the implications of telephone deregulation, internet advances, the burdens to be placed on us by the Directive being transposed into law as well as my increasing European role as the national supervisory body for peoples privacy taking account of the Europol, Schengen Customs Information System and Eurodac conventions.
So for the office its an exciting time but one which we look forward to with purpose. While I have wide legal powers I intend to continue to work in a spirit of partnership and to resolve disputes by mediation and consultation in the first place. However if I have to use my full legal powers I will do so as it is my legal responsibility to protect the fundamental right to privacy of natural persons with respect to the processing of personal data. As regards the media I expect that the new Irish law to be enacted in 2001 will implement the terms of the Directive which allows exemptions from Data Protection rules where it is necessary to reconcile the right to privacy with the rules governing freedom of expression.
Before I conclude may I thank the Minister for Justice, Equality and Law Reform and his officials for the support given to me, all government departments, all data controllers, the media and anybody else who have made life easy (and occasionally troublesome) for this office. I also want to thank the many people who have made inquiries and complaints to this office - like a TD's clinic its from them we often get the real picture and on many occasions these have alerted this office to major breaches of data protection law.
Finally I hope you will all find this web-site of value and I will welcome and expect comments as to how it can be improved. I respect the media for the vital role it plays in our democratic system and I and my office will be always willing to facilitate its requests as far as is feasible.
So it now gives me great pleasure to formally launch the web-site at www.dataprivacy.ie