1 / 14

Data Protection & FOI

Data Protection & FOI. Data Protection: Background. Human Right to Privacy Unenumerated right under Irish Constitution Explicit right under European Convention on Human Rights ECHR Act 2003 EU Data Protection Directives. Data Protection Directive 95/46/EC

feivel
Télécharger la présentation

Data Protection & FOI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Protection & FOI

  2. Data Protection: Background • Human Right to Privacy • Unenumerated right under Irish Constitution • Explicit right under European Convention on Human Rights ECHR Act 2003 • EU Data Protection Directives

  3. Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection Acts 1988 & 2003 EC Electronic Privacy Regulations 2003 (SI 535/2003) Corresponding Acts Good Friday Agreement Disability Act 2005 EU & Irish Legislation

  4. Definitions: DP Personal Data • “Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller “ (DP Act, Section 1) • Applies to any data that is processed (includes hosting) using any medium by a legal entity. Therefore paper, computer, network, web, phone etc.

  5. FOI Personal Information (narrower) means information about an identifiable individual that_(a) would, in the ordinary course of events, be known only to the individual or members of the family, or friends, of the individual, or(b) is held by a public body on the understanding that it would be treated by it as confidential, and, without prejudice to the generality of the foregoing, includes etc………….

  6. Information relating to the living individual only Information held on a relevant filling system Some potential to claim “disproportionate effort” in rare circumstances Also relates to the deceased Need to search for information No provision for not retrieving documents DP FOI

  7. DP/FOI Access to Personal Information • DP and FOI Acts reinforce one another in relation to personal access in the public sector • Defending access to personal information as human (DP) and citizen (FOI) right

  8. Access to personal info: DP v FOI ? • New Circular no 23 from D/Finance • Where a request is made to a public body by, or behalf of, a person seeking access to their own personal information under the Freedom of Information Act, this request should also be taken as a request under the Data Protection Acts

  9. Legislative Basis • Section 1(5) of the Data Protection Act 1988 and 2003 requires co-operation between Data Protection and Information Commissioners • Section 7(7) of the FOI Act imposes a duty on public bodies to assist people who request information or access to a record from a public body otherwise than under FOI.

  10. Procedural Arrangements • Decision should be made in shortest time possible under the Acts. Usually FOI at 20 Working days • Suggest that public bodies review information on hand under each legislative framework and give the person the maximum amount of their personal data

  11. Procedural Arrangements (2) • if the decision is to grant access in full, there is no necessity to mention the other Act in the decision issued to the requester. • If the decision is to refuse an individual access to some or all of her/his personal information, the decision letter should refer to the individual's tight to internal review under the FOI Acts and to the right to complain to the Data Protection Commissioner under the Data Protection Acts.

  12. The Right of Access (1) • Data subject must apply in writing & provide sufficient information • to satisfy data controller of his/her identity … • … and to locate any relevant data • Data controller must give data subject a description of personal data held, its purpose and to whom it may be disclosed • Data controller must supply a copy of the data • in intelligible format

  13. Right of Access(2): Restrictions • Investigation of crime, or assessing tax • Subject to case-by-case “prejudice” test • International relations of the State • legal professional privilege • estimate of liability for damages or compo. • data kept by DP or Info Commissioners for their functions • Health and Social Work data: special provisions

  14. DP No provision for release of personal information to third parties No obligation to release information in relation to third parties when responding to access request FOI Where a public interest outweighs the individual’s right to privacy consent Disclosure of Personal info to Third Parties

More Related