The Gazette 1987

GAZETTE

SEP

BER 1987

Data Protection Legislation:

A Task for the Dáil?

The amount of information held by

computers on each of us grows as

we become an increasingly com-

puterised society. Banks, govern-

ment departments and employers

hold large quantities of sensitive

personal records, which they are

free to swop and compare if they

wish, in the absence of any data

protection legislation in Ireland.

Most European countries, as well

as the US, Australia and New

Zealand, have some kind of data

protection legislation on their

statute books. The principles

involved are that (1) personal data

(i.e. information relating to an

identifiable individual) must be

accurate and open to inspection,

and if necessary,

correction;

(2) personal data must be

secure

from unauthorised access or dis-

tribution.

Credit reference agencies are

often cited as an example of

personal record keeping for which

there should be controls. They

provide information to businesses

on an individual's credit rating. A

customer may find a credit facility

or overdraft being refused, un-

aware that this is because of infor-

mation supplied by a credit

reference agency. The information

may be incorrect or out of date,

possibly arising out of a misunder-

standing or disputed payment, and

is not available to the individual to

contest.

Council of Europe Convention

The Council of Europe has drawn

up a Convention for the Protection

of the Individual with regard to

Automatic Processing of Data. This

came into force in October 1985.

Its eight principles, set out in

Articles, 5, 6 and 7, were in-

corporated in the UK's Data

Protection Act (1984). Ireland was

unable to sign the Convention

however, as no legislation was

being prepared by the government

which would enforce it here.

The Convention may however

prove to be the major factor in

bringing about data protection

legislation in Ireland. It restricts the

type of information which may be

transferred by computer from

countries where it is in force to

WALTER KILROY*

those without equivalent safe-

guards. The European countries

where it applies include Ranee and

Germany, wi th Britain also

operating restrictions. Ireland's

trade with these countries could be

adversely affected, as well as

making the country less attractive

for foreign investors, if databases

are not secure and transfers are

subject to restrictions.

The Constitutional basis for

privacy has usually been accepted

by the courts in a general sense.

The recent High Court award to

two journalists whose telephones

were tapped

(Arnold and Kennedy

vs. Ireland and Others)

(High Court,

unreported, 12.1.1987) is rele-

vant, however. The European

Court of Human Rights found that

a case of phone tapping in Britain

was also in breach of the European

Convention on Human Rights and

Fundamental Freedoms

(Ma/one

vs. UK,

1984).

Seanad Bill

A private member's bill which

had been introduced in the Seanad

in September 1985 sought to set

out rights regarding personal

records. The

Fr eedom

Information Bill (1985)

intro-

duced by Sen. Brendan Ryan, was

referred to the Joint Oireachtas

Committee on Legislation. It was

not however, considered by the

Committee in the lifetime of the

last Dail, and so lapsed, and would

have to be re-introduced. Part of

the Bill dealt with public access to

official documents, subject to

certain exemptions. The other part

dealt with "personal records",

which provided that companies,

financial institutions and public

bodies (including government

departments) were to be limited in

the nature and extent of the

personal records they could hold.

This relates to the requirement in

many other European countries

that personal data may be held for

specific purposes only, which in

some cases must be registered

with a national data regulatory

agency.

The first concern in this area is

that records be accurate. The 1985

Bill provided that an individual

should have a right to see a copy

of his/her own personal record

(Section 35), with the exception of

Garda records (Section 31(f) ). It

provided that the "data subject"

might

request

corrections,

additions, or deletions (Section

36), which could be appealed to

court of law and that if unsuccess-

ful, the person concerned might

have a statement appended to the

record, setting out the areas of

dispute.

The other main concern is that of

security. Section 31 of the Bill

specifies that the

wr i t t en

permission of the person con-

cerned was to be required for any

disclosure of information to an

outside body, with certain ex-

ceptions. These included dis-

closures to the Gardai, Revenue

Mr. Kilroy is the winner of the

Law Society Journalism Prize

1987. This annual prize is

intended to encourage interest

in the writing of articles on

legal topics among students

st-udying for the Graduate

Diploma in Journalism at NIHE,

Dublin.

261