Data Protection & FOI Data Protection: Background Human Right to Privacy Unenumerated right under...
-
Upload
jocelin-baker -
Category
Documents
-
view
218 -
download
2
Transcript of Data Protection & FOI Data Protection: Background Human Right to Privacy Unenumerated right under...
Data Protection & FOI
Data Protection: Background
• Human Right to Privacy• Unenumerated right under Irish
Constitution• Explicit right under European
Convention on Human Rights ECHR Act 2003
• EU Data Protection Directives
EU & Irish Legislation• Data Protection
Directive 95/46/EC• Electronic Privacy
Directive 2002/58/EC
• EUROPOL etc
• Data Protection Acts 1988 & 2003
• EC Electronic Privacy Regulations 2003 (SI 535/2003)
• Corresponding Acts• Good Friday
Agreement• Disability Act 2005
Definitions: DP Personal Data “Data relating to a living individual who is or can
be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller “ (DP Act, Section 1)
Applies to any data that is processed (includes hosting) using any medium by a legal entity. Therefore paper, computer, network, web, phone etc.
FOI Personal Information (narrower)means information about an identifiable individual
that_
(a) would, in the ordinary course of events, be known only to the individual or members of the family, or friends, of the individual, or
(b) is held by a public body on the understanding that it would be treated by it as confidential, and, without prejudice to the generality of the foregoing, includes etc………….
DP FOI• Information relating to
the living individual only• Information held on a
relevant filling system• Some potential to claim
“disproportionate effort” in rare circumstances
• Also relates to the deceased
• Need to search for information
• No provision for not retrieving documents
DP/FOI Access to Personal Information • DP and FOI Acts reinforce one
another in relation to personal access in the public sector
• Defending access to personal information as human (DP) and citizen (FOI) right
Access to personal info: DP v FOI ?• New Circular no 23 from D/Finance • Where a request is made to a public
body by, or behalf of, a person seeking access to their own personal information under the Freedom of Information Act, this request should also be taken as a request under the Data Protection Acts
Legislative Basis• Section 1(5) of the Data Protection Act 1988
and 2003 requires co-operation between Data Protection and Information Commissioners
• Section 7(7) of the FOI Act imposes a duty on public bodies to assist people who request information or access to a record from a public body otherwise than under FOI.
Procedural Arrangements• Decision should be made in shortest time
possible under the Acts. Usually FOI at 20 Working days
• Suggest that public bodies review information on hand under each legislative framework and give the person the maximum amount of their personal data
Procedural Arrangements (2)• if the decision is to grant access in full, there is
no necessity to mention the other Act in the decision issued to the requester.
• If the decision is to refuse an individual access to some or all of her/his personal information, the decision letter should refer to the individual's tight to internal review under the FOI Acts and to the right to complain to the Data Protection Commissioner under the Data Protection Acts.
The Right of Access (1)• Data subject must apply in writing & provide
sufficient information to satisfy data controller of his/her identity … … and to locate any relevant data
• Data controller must give data subject a description of personal data held, its purpose and to whom it may be disclosed
• Data controller must supply a copy of the data in intelligible format
Right of Access(2): Restrictions
• Investigation of crime, or assessing tax Subject to case-by-case “prejudice” test
• International relations of the State• legal professional privilege• estimate of liability for damages or compo.• data kept by DP or Info Commissioners for their
functions• Health and Social Work data: special provisions
Disclosure of Personal info to Third PartiesDP• No provision for
release of personal information to third parties
• No obligation to release information in relation to third parties when responding to access request
FOI• Where a public
interest outweighs the individual’s right to privacy
• consent