The Gazette 1987

SEP T EM BER 1987

GAZETTE

Data Protection Legislation: A Task for the Dáil?

The Convention may however prove to be the major factor in bringing about data protection legislation in Ireland. It restricts the type of information which may be transferred by computer from countries where it is in force to

last Dail, and so lapsed, and would have to be re-introduced. Part of the Bill dealt with public access to official documents, subject to certain exemptions. The other part dealt with "personal records", which provided that companies, financial institutions and public bodies (including government departments) were to be limited in the nature and extent of the personal records they could hold. This relates to the requirement in many other European countries that personal data may be held for specific purposes only, which in some cases must be registered with a national data regulatory agency. The first concern in this area is that records be accurate. The 1985 Bill provided that an individual should have a right to see a copy of his/her own personal record (Section 35), with the exception of Garda records (Section 31(f) ). It provided that the "data subject" might request corrections, additions, or deletions (Section 36), which could be appealed to court of law and that if unsuccess- ful, the person concerned might have a statement appended to the record, setting out the areas of dispute. The other main concern is that of security. Section 31 of the Bill specifies that the wr i t t en permission of the person con- cerned was to be required for any disclosure of information to an outside body, with certain ex- ceptions. These included dis- closures to the Gardai, Revenue Mr. Kilroy is the winner of the Law Society Journalism Prize 1987. This annual prize is intended to encourage interest in the writing of articles on legal topics among students st-udying for the Graduate Diploma in Journalism at NIHE, Dublin.

The amount of information held by computers on each of us grows as we become an increasingly com- puterised society. Banks, govern- ment departments and employers hold large quantities of sensitive personal records, which they are free to swop and compare if they wish, in the absence of any data protection legislation in Ireland. Most European countries, as well as the US, Australia and New Zealand, have some kind of data protection legislation on their statute books. The principles involved are that (1) personal data (i.e. information relating to an identifiable individual) must be accurate and open to inspection, and if necessary, correction; (2) personal data must be secure from unauthorised access or dis- tribution. Credit reference agencies are often cited as an example of personal record keeping for which there should be controls. They provide information to businesses on an individual's credit rating. A customer may find a credit facility or overdraft being refused, un- aware that this is because of infor- mation supplied by a credit reference agency. The information may be incorrect or out of date, possibly arising out of a misunder- standing or disputed payment, and is not available to the individual to contest. Council of Europe Convention The Council of Europe has drawn up a Convention for the Protection of the Individual with regard to Automatic Processing of Data. This came into force in October 1985. Its eight principles, set out in Articles, 5, 6 and 7, were in- corporated in the UK's Data Protection Act (1984). Ireland was unable to sign the Convention however, as no legislation was being prepared by the government which would enforce it here.

by WALTER KILROY*

those without equivalent safe- guards. The European countries where it applies include Ranee and Germany, wi th Britain also operating restrictions. Ireland's trade with these countries could be adversely affected, as well as making the country less attractive for foreign investors, if databases are not secure and transfers are subject to restrictions. The Constitutional basis for privacy has usually been accepted by the courts in a general sense. The recent High Court award to two journalists whose telephones were tapped (Arnold and Kennedy vs. Ireland and Others) (High Court, unreported, 12.1.1987) is rele- vant, however. The European Court of Human Rights found that a case of phone tapping in Britain was also in breach of the European Convention on Human Rights and Fundamental Freedoms (Ma/one vs. UK, 1984). Seanad Bill A private member's bill which had been introduced in the Seanad in September 1985 sought to set out rights regarding personal records. The Fr eedom of Information Bill (1985) intro- duced by Sen. Brendan Ryan, was referred to the Joint Oireachtas Committee on Legislation. It was not however, considered by the Committee in the lifetime of the

261