Abstract
This chapter focuses on privacy and data protection in Ireland. The first section deals with the general situation regarding privacy and personal data protection. The second section deals with national government policies. The third section deals with laws and regulations. The fourth section deals with implementation. The fifth section deals with regulatory authorities and enforcement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
McGee v. Attorney General [1974] IR 284; Kennedy and Arnold v. Attorney General [1987] IR 587.
- 2.
- 3.
- 4.
CJEU 6 October 2015, case C-362/14, Facebook/Schrems, ECLI:EU:C: 2015:650.
- 5.
Case number C-293/12. Court of Justice of the European Union. 8 April 2014.
- 6.
- 7.
Eurobarometer 431 2015, p. 109.
- 8.
Eurobarometer 431 2015, p. 110.
- 9.
Eurobarometer 431 2015, p. 113.
- 10.
Consent Country Report Ireland 2012, p. 3.
- 11.
Eurobarometer 431 2015, p. 10.
- 12.
Eurobarometer 431 2015, p. 29.
- 13.
Eurobarometer 431 2015, p. 32.
- 14.
Eurobarometer 431 2015, p. 40.
- 15.
Vodafone Survey on Big Data 2016, p. 79.
- 16.
Consent Country Report Ireland 2012, p. 4.
- 17.
Consent Country Report Ireland 2012, p. 33.
- 18.
Consent Country Report Ireland 2012, p. 4.
- 19.
Consent Country Report Ireland 2012, p. 4.
- 20.
Consent Country Report Ireland 2012, p. 4.
- 21.
Consent Country Report Ireland 2012, p. 4.
- 22.
Eurobarometer 431 2015, p. 92.
- 23.
Eurobarometer 431 2015, p. 95.
- 24.
Eurobarometer 431 2015, p. 98.
- 25.
Consent Country Report Ireland 2012, p. 4.
- 26.
Consent Country Report Ireland 2012, p. 3.
- 27.
Consent Country Report Ireland 2012, p. 39.
- 28.
“Deputy Terence Flanagan asked the Minister for Public Expenditure and Reform Information on Brendan Howlin Zoom on Brendan Howlin if there are service level agreements between Government Departments regarding the sharing of data, for example, between the Revenue Commissioners and the Department of Social Protection; and if he will make a statement on the matter.” http://oireachtasdebates.oireachtas.ie/debates%20authoring/debateswebpack.nsf/(indexlookupdail)/20131120~WRO?opendocument#WRO00800.
- 29.
- 30.
- 31.
One of the more recent initiatives is a report by the Law Reform Commission which is accompanied by a draft bill. http://www.irishexaminer.com/ireland/new-laws-to-combat-online-abuse-such-as-cyberbullying-and-revenge-porn-422963.html.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
See previous footnotes for the primary policy issues of each party.
- 39.
- 40.
Labour Party Manifesto, p. 101, available at https://www.labour.ie/download/pdf/labour_manifesto_2016.pdf.
- 41.
- 42.
http://www.taoiseach.gov.ie/eng/publications/publications_2015/government_data_forum.html. Within the Department of the Taoiseach there is the Data Protection Division, but it is not clear what their responsibilities are. The website merely has links to the minutes of the Government Data Forum meetings. See http://www.taoiseach.gov.ie/DOT/eng/Work_Of_The_Department/Data_Protection_Division/Data_Protection_Division.html.
- 43.
Based on survey results (see Sect. 1.3.4).
- 44.
Based on survey results (see Sect. 1.3.4).
- 45.
Based on survey results (see Sect. 1.3.4).
- 46.
- 47.
Edwards 2014.
- 48.
- 49.
Cullen 2009.
- 50.
Kennedy 2008.
- 51.
Mulligan 2014.
- 52.
- 53.
Weckler 2016.
- 54.
‘61% of organisations had data breach in 2016 – survey’, RTE.ie, https://www.rte.ie/news/2017/0119/846140-data-breaches/.
- 55.
See Collins v FBD Insurance Plc [2013] IEHC 137 (14 March 2013), available at http://www.bailii.org/cgi-bin/format.cgi?doc=/ie/cases/IEHC/2013/H137.html&query=(fbd), which awarded damages of €15,000 in relation to data protection, however the award was overturned on appeal to the High Court; and Mc Keogh v John Doe 1 & Ors [2012] IEHC 95 (26 January 2012), available at http://www.bailii.org/cgi-bin/format.cgi?doc=/ie/cases/IEHC/2012/H95.html&query=(mc)+AND+(keogh), which was settled.
- 56.
Based on survey results (see Sect. 1.3.4).
- 57.
Based on survey results (see Sect. 1.3.4) [summary of survey responses from experts].
- 58.
Digital Rights Ireland Limited, Income and Expenditure Account for the year ended 31 December 2015.
- 59.
These cases are mentioned in more detail below.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
DPC 2015, p. 3.
- 66.
DPC 2015, p. 13.
- 67.
- 68.
The GDPR and You, General Data Protection Regulation, Preparing for 2018, Data Protection Commissioner of Ireland, at pp. 9–10, available at https://www.dataprotection.ie/docimages/documents/The%20GDPR%20and%20You.pdf.
- 69.
More information on the Government Data Forum can be found just below.
- 70.
DPC 2015, p. 15.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
Based on survey results (see Sect. 1.3.4).
- 85.
- 86.
[2013] IEHC 137.
- 87.
Section 1(4).
- 88.
Kelleher 2015, p. 91.
- 89.
[2012] IEHC 264.
- 90.
Case C-582/14.
- 91.
Section 10(1)(b)(ii).
- 92.
- 93.
Based on survey results (see Sect. 1.3.4). Case C 201/14, Bara and others v. Președintele Casei Naționale de Asigurări de Sănătate, Casa Naţională de Asigurări de Sănătate and Agenţia Naţională de Administrare Fiscală (ANAF).
- 94.
- 95.
Carney and Bohan 2016.
- 96.
Lavery 2018.
- 97.
- 98.
See the list in S.1 [No. 25.] DPActs.
- 99.
S. 2B DPActs.
- 100.
- 101.
- 102.
- 103.
- 104.
- 105.
- 106.
For the full list, see https://www.dataprotection.ie/docs/Self_Regulation_and_Codes_of_Practice/m/98.htm.
- 107.
- 108.
See for instance the Association of Data Protection Officers, https://dpo.ie/about.
- 109.
- 110.
Based on survey results (see Sect. 1.3.4).
- 111.
Based on survey results (see Sect. 1.3.4).
- 112.
Based on survey results (see Sect. 1.3.4).
- 113.
Based on survey results (see Sect. 1.3.4).
- 114.
Based on survey results (see Sect. 1.3.4).
- 115.
Based on survey results (see Sect. 1.3.4).
- 116.
Carney and Bohan 2016.
- 117.
Breach Notification Guidance, https://www.dataprotection.ie/docs/Data-Breach-Handling/901.htm.
- 118.
Based on survey results (see Sect. 1.3.4).
- 119.
Based on survey results (see Sect. 1.3.4). Data Protection Commissioner, ‘2013 Privacy Sweep Results’, 2013, https://www.dataprotection.ie/documents/GPEN2013.pdf.
- 120.
Data Protection Commissioner, ‘Global Privacy Sweep Raises Concerns about Mobile Apps’, 2014, https://www.dataprotection.ie/docs/10-09-14-Global-Privacy-Sweep-raises-concerns-about-mobile-apps/i/1456.htm.
- 121.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf, p. 14.
- 122.
Consent Country Report Ireland 2012, p. 37.
- 123.
Consent Country Report Ireland 2012, p. 37.
- 124.
Based on survey results (see Sect. 1.3.4).
- 125.
- 126.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf, p. 5.
- 127.
DPC 2015, p. 4.
- 128.
As discussed in Sect. 6.3.
- 129.
- 130.
- 131.
- 132.
See Sect. 6.3.
- 133.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20AR2015_FINAL-WEB.pdf.
- 134.
- 135.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf, p. 13.
- 136.
These relate to data protection breaches by Telefonica Ireland Limited, Arizun Services Ireland Limited and Aer Lingus. See DPC 2015, p. 7.
- 137.
Based on survey results (see Sect. 1.3.4). Such measures may include “correcting the data, blocking the data from use for certain purposes, supplementing the data with a statement which the Commissioner approves, or erasing the data altogether”. See Powers of the Data Commissioner, Data Protection Commissioner of Ireland, available at https://www.dataprotection.ie/docs/Powers-of-the-Data-Protection-Commissioner/e/96.htm#The Commissioner's Power to Enforce Compliance with the Act.
- 138.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf, p. 13.
- 139.
Ibid., p. 12.
- 140.
Data Protection Commissioner, ‘Annual Report 2017’, 2018, https://www.dataprotection.ie/docimages/documents/DPC%20Annual%20Report%202017.pdf, p. 16.
- 141.
- 142.
Based on survey results (see Sect. 1.3.4).
- 143.
Based on survey results (see Sect. 1.3.4).
- 144.
Collins v FBD Insurance Plc [2013] IEHC 137 (14 March 2013), available at http://www.bailii.org/cgi-bin/format.cgi?doc=/ie/cases/IEHC/2013/H137.html&query=(fbd).
- 145.
Digital Rights Ireland Ltd v Minister for Communication & Ors [2010] IEHC 221 (05 May 2010). [2010] 3 IR 251, [2010] IEHC 221, available at http://www.bailii.org/cgi-bin/format.cgi?doc=/ie/cases/IEHC/2010/H221.html&query=%28digital%29+AND+%28rights%29+AND+%28ireland%29.
- 146.
Based on survey results (see Sect. 1.3.4). See e.g. Collins v FBD Insurance Plc [2013] IEHC 137 (14 March 2013), available at http://www.bailii.org/cgi-bin/format.cgi?doc=/ie/cases/IEHC/2013/H137.html&query=(fbd).
- 147.
Based on survey results (see Sect. 1.3.4).
- 148.
Based on survey results (see Sect. 1.3.4).
- 149.
Based on survey results (see Sect. 1.3.4).
- 150.
Based on survey results (see Sect. 1.3.4). Edwards, ‘Independence of Data Protection Commissioner Questioned’.
- 151.
- 152.
- 153.
McGeveran 2016.
- 154.
Fry 2016.
- 155.
References
Carney A, Bohan A (2016) Chapter 14 – Ireland. The Privacy, Data Protection and Cybersecurity Law Review. Law Business Research
Consent Country Report Ireland (2012) Consumer sentiment regarding privacy on user generated content (UGC) services in the digital economy. https://www.consent.law.muni.cz/
Cullen P (2009) Bord Gáis Failed to Say Stolen Laptop Data Not Encrypted. The Irish Times, 19 June 2009, http://www.irishtimes.com/news/bord-g%C3%A1is-failed-to-say-stolen-laptop-data-not-encrypted-1.787045
Deegan G (2016) Cyber attack victim firm Loyaltybuild in Clare has €18m loss, Irish Examiner, 2 February 2016, http://www.irishexaminer.com/business/cyber-attack-victim-firm-loyaltybuild-in-clare-has-18m-loss-379472.html
DPC (2015) Annual Report of the Data Protection Commissioner of Ireland, available at https://www.dataprotection.ie/docimages/documents/DPC%20AR2015_FINAL-WEB.pdf
Edwards E (2014) Loyaltybuild Reopens for Business after Huge Data Breach. The Irish Times, 12 March 2014, http://www.irishtimes.com/news/consumer/loyaltybuild-reopens-for-business-after-huge-data-breach-1.1722266
Edwards E (2016a) Civil Service Payroll System to Be Audited Following Data Breach. The Irish Times, 20 June 2016, http://www.irishtimes.com/news/ireland/irish-news/civil-service-payroll-system-to-be-audited-following-data-breach-1.2691360
Edwards E (2016b) Data Protection Commissioner Helen Dixon Accuses Lawyers of “digital Ambulance Chasing”. The Irish Times, 7 July 2016, http://www.irishtimes.com/business/technology/data-protection-commissioner-helen-dixon-accuses-lawyers-of-digital-ambulance-chasing-1.2712459
Eurobarometer Survey 431 (2015) Attitudes on Data Protection and Electronic Identity in the European Union. Brussels, June 2015
Fry W (2016) Europe for Big Data, November 2016, http://www.williamfry.com/docs/default-source/reports/william-fry-europe-for-big-data-report.pdf?sfvrsn=0
Hawkes B (2016) The Irish DPA and Its Approach to Data Protection. In: Wright D, De Hert P (eds) Enforcing Privacy. Springer International Publishing, Cham, p. 446 and p. 454, http://link.springer.com/10.1007/978-3-319-25047-2_18
Kelleher D (2015) Privacy and Data Protection Law in Ireland. Bloomsbury Professional, Haywards Heath
Kennedy E (2008) Victims of BoI Laptop Theft Treble to 31,500. Independent.ie, 29 April 2008, http://www.independent.ie/irish-news/victims-of-boi-laptop-theft-treble-to-31500-26442003.html
Lavery P (2018) Ireland issues Data Protection Bill to implement the GDPR. Privacy Laws & Business, Issue 151, February 2018
Lillington K (2015) Strong Data Protection Laws Better for EU than Sniping. The Irish Times, 23 April 2015, http://www.irishtimes.com/business/technology/strong-data-protection-laws-better-for-eu-than-sniping-1.2185370
Logue F (2016) Data Protection Chief Must Not Distance Herself from Complainants. The Irish Times, 9 August 2016, http://www.irishtimes.com/business/technology/data-protection-chief-must-not-distance-herself-from-complainants-1.2750669
McGeveran W (2016) Friending the Privacy Regulators. Social Science Research Network, Rochester, NY, 5 August 2016, https://papers.ssrn.com/abstract=2820683
McIntyre TJ (2014) Why Ireland Must Protect Privacy of Irish Emails and Internet Usage from Surveillance. The Irish Times, 20 December 2014, http://www.irishtimes.com/opinion/why-ireland-must-protect-privacy-of-irish-emails-and-internet-usage-from-surveillance-1.2044384
McIntyre TJ (2014) The State Must Be More Mindful of Your Private Data. Independent.ie, 21 August 2014, http://www.independent.ie/opinion/the-state-must-be-more-mindful-of-your-private-data-30524449.html
McIntyre TJ (2015) Europe Has Failed in Duty to Protect Citizens over Web Privacy Threat. Independent.ie, 7 October 2015, http://www.independent.ie/opinion/comment/europe-has-failed-in-duty-to-protect-citizens-over-web-privacy-threat-31589481.html
Mulligan J (2014) Massive Data Breach at Paddy Power Bookmakers. Independent.ie, 31 July 2014, http://www.independent.ie/business/irish/massive-data-breach-at-paddy-power-bookmakers-30474614.html
Taylor C (2016) Ireland Seen as Contender for Data-Driven Investments. The Irish Times, 16 November 2016, http://www.irishtimes.com/business/technology/ireland-seen-as-contender-for-data-driven-investments-1.2870112
The Independent (2015) Data Office Still Underfunded despite €1m Boost in Budget. Independent.ie, 21 October 2015, http://www.independent.ie/business/technology/news/data-office-still-underfunded-despite-1m-boost-in-budget-34126722.html
Vodafone Survey on Big Data (2016) Big Data: A European Survey on the Opportunities and Risks of Data Analytics. http://www.vodafone-institut.de/bigdata/links/VodafoneInstitute-Survey-BigData-Highlights-en.pdf
Weckler A (2015a) Safe Harbour Is Gone but Europe Is Still Afraid to Tackle the US on Privacy. Independent.ie, 8 October 2015, http://www.independent.ie/business/technology/safe-harbour-is-gone-but-europe-is-still-afraid-to-tackle-the-us-on-privacy-31591450.html
Weckler A (2015b) German Jeers at Irish Data Privacy May Help Us. Independent.ie, 31 May 2015, http://www.independent.ie/business/technology/news/german-jeers-at-irish-data-privacy-may-help-us-31266778.html
Weckler A (2016) Tsunami of Data Breaches Strikes Irish Companies as Half Report Incidents. Independent.ie, 21 January 2016, http://www.independent.ie/business/technology/tsunami-of-data-breaches-strikes-irish-companies-as-half-report-incidents-34382305.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2019 T.M.C. Asser press and the authors
About this chapter
Cite this chapter
Custers, B., Sears, A.M., Dechesne, F., Georgieva, I., Tani, T., van der Hof, S. (2019). Ireland. In: EU Personal Data Protection in Policy and Practice. Information Technology and Law Series, vol 29. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-282-8_6
Download citation
DOI: https://doi.org/10.1007/978-94-6265-282-8_6
Published:
Publisher Name: T.M.C. Asser Press, The Hague
Print ISBN: 978-94-6265-281-1
Online ISBN: 978-94-6265-282-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)