Current Legislation

 

Compendium of Data Protection Acts 1988 & 2003

 

This index linked Compendium is produced simply as an aid to data controllers, data subjects and legal practitioners and does not purport to be the official text of the legislation. Consequently, at all times, the official texts of the legislation should be consulted as appropriate

 

[view more...] Published on 20 March 2006

 

 

 


 

Compendium of Data Protection Acts 1988 & 2003

 

This Compendium is produced simply as an aid to data controllers, data subjects and legal practitioners and does not purport to be the official text of the legislation. Consequently, at all times, the official texts of the legislation should be consulted as appropriate.

 

[view more...] Published on 30 April 2003

 

 

 


 

Data Protection Act 1988

 

An Act to give effect to the convention for the protection of individuals with regard to automatic processing of personal data done at Strasbourg on teh 28th January, 1981, and for that purpose to regulate in accordance with its provisions the collection, processing, keeping, use and disclosure of certain information relating to individuals that is processed automatically. [13th July, 1988]

 

[view more...]

 

 

 


 

Data Protection (Amendment) Act 2003

 

An Act to give effect to directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of the individual with regard to the processing of the personal data and on the free movement of such data, for that purpose to amend the Data Protection Act 1988 and to provide for related matters [10 April 2003]

 

[view more...] Published on 10 April 2003

 

 

 


 

S. I. No. 535 of 2003

 

I, Dermot Ahern, Minister for Communications, Marine and Natural Resources, in exercise of the powers referred on me by Section 3 of the European Communities Act, 1972 (No. 27 of 1972) for the purposes of giving effect to Directive No. 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and protection of privacy in the electronic communications sector, hereby make the following Regulations...

 

[view more...] Published on 12 July 2002

 

 

 


 

S.I. No. 207 of 2003

 

Data Protection (Amendment) Act 2003 (Commencement) Order 2003 I, Michael McDowell, Minister for Justice, Equality and Law Reform, in exercise of the powers conferred on me by section 23(3) of the Data Protection (Amendment) Act 2003 (No. 6 of 2003) hereby order as follows:1. This Order may be cited as the Data Protection (Amendment) Act 2003 (Commencement) Order 2003.........

 

[view more...]

 

 

 


 

S.I. No. 347 of 1988

 

Data Protection (Fees) Regulations, 1988 I, Gerard Collins, Minister for Justice, in exercise of the powers conferred on me by sections 4, 16 and 17 of the Data protection Act, 1988 (No. 25 of 1988), hereby, with the consent of the Minister for Finance, make the following regulations: 1. These Regulations may be cited as the Data Protection (Fees) Regulations, 1988.2. In these Regulations "the Act" means the Data Protection Act, 1988 (No. 25 of 1988)

 

[view more...]

 

 

 


 

S.I. No. 2 of 2001

 

Data Protection (Registration) Regulations, 2001. I, Joe Meade, Data Protection Commissioner, in exercise of the powers conferred on me by section 16(1)(e) of the Data Protection Act, 1988 (No. 25 of 1988), and with the consent of the Minister for Justice, Equality and Law Reform, hereby make the following regulations: 1. (1) These Regulations may be cited as the Data Protection (Registration) Regulations, 2001.....

 

[view more...]

 

 

 


 

S.I. No. 105 of 1996

 

Data Protection (Fees) Regulations, 1996. I, Nora Owen, Minister for Justice, in exercise of the powers conferred on me by section 17 of the Data Protection Act, 1988 (No. 25 of 1988), hereby, with the consent of the Minister for Finance, make the following regulations: 1. (1) These Regulations may be cited as the Data Protection (Fees) Regulations, 1996.(2) These Regulations shall come into operation on the 19th day of May, 1996......

 

[view more...]

 

 

 


 

S.I. No. 95 of 1993

 

Data Protection Act, 1988 (Section 5(1)(d)) (Specification) Regulations, 1993. I, Maire Geoghegan-Quinn, Minister for Justice, being of opinion that the functions described in column (1) of the Schedule to these Regulations, being functions conferred by or under the enactments specified in column (2) of that Schedule, are designed to protect members of the public against the financial loss referred to in subsection (1)(d) of section 5 of the Data Protection Act, 1988..............

 

[view more...]

 

 

 


 

S.I. No. 83 of 1989

 

Data Protection (Access Modification) (Social Work) Regulations, 1989. I, Gerard Collins, Minister for Justice, considering it desirable in the interests of data subjects, hereby, in exercise of the powers conferred on me by section 4 (8) of the Data Protection Act, 1988 (No. 25 of 1988), and after consultation with the Minister for Health, the Minister for Education, the Minister for the Environment, the Minister for Social Welfare and the Minister for Labour, make the following Regulations......

 

[view more...]

 

 

 


 

S.I. No. 82 of 1989

 

Data Protection (Access Modification) (Health) Regulations, 1989. I, Gerard Collins, Minister for Justice, considering it desirable in the interests of data subjects, hereby in exercise of the powers conferred on me by section 4 (8) of the Data Protection Act, 1988 (No. 25 of 1988), and after consultation with the Minister for Health, the Minister for Finance, the Minister for Education, the Minister for Social Welfare, the Minister for Defence and the Minister for Labour, make the following Regulations:

 

[view more...]

 

 

 


 

S.I. No. 81 of 1989

 

Data Protection Act, 1988 (Restriction of Section 4) Regulations, 1989. I, Gerard Collins, Minister for Justice, being of opinion that the prohibitions and restrictions on the disclosure, and the authorisations of the withholding, of information contained in the provisions of the enactments specified in the Schedule to these Regulations ought to prevail in the interests of the data subjects concerned and any other individuals concerned........

 

[view more...]

 

 

 


 

S.I. No. 351 of 1988

 

Data Protection (Registration) Regulations, 1988. I, Donal C. Linehan, Data Protection Commissioner, by virtue of the powers conferred on me by section 20 of the Data Protection Act, 1988 (No. 25 of 1988), hereby, with the consent of the Minister for Justice, make the following regulations: 1. These Regulations may be cited as the Data Protection (Registration) Regulations, 1988.2. These Regulations shall come into force on the 9th day of January, 1989.3.

 

[view more...]

 

 

 


 

S.I. No. 350 of 1988

 

Data Protection (Registration Period) Regulations, 1988. I, Donal C. Linehan, Data Protection Commissioner, in exercise of the powers conferred on me by section 18 of the Data Protection Act, 1988 (No. 25 of 1988), hereby, with the consent of the Minister for Justice, make the following regulations: 1. These Regulations may be cited as the Data Protection (Registration Period) Regulations, 1988.

 

[view more...]

 

 

 

S.I. No. 349 of 1988

 

Data Protection Act, 1988 (Commencement) Order, 1988. I, Gerard Collins, Minister for Justice, in exercise of the powers conferred on me by section 35 of the Data Protection Act, 1988 (No. 25 of 1988), hereby make the following order: 1. This Order may be cited as the Data Protection Act, 1988 (Commencement) Order, 1988.2. In this Order "the Act" means the Data Protection Act, 1988 (No. 25 of 1988).

 

[view more...]

 

 

 

Section 51 British-Irish Agreement Act 1999

 

DPC role in relation to Cross Border Bodies

 

[view more...] Published on 08 February 2005

 

 

 

Repealed Legislation

 

 

 

S.I. No. 192 of 2002

 

I, Mary O'Rourke, Minister for Public Enterprise, in exercise of the powers conferred on me by section 3 of the European Communities Act 1972 (No. 27 of 1972) and for the purpose of giving effect to Directive 97/66/EC of the European Parliament and of the Council of 15 December 19971 concerning the processing of personal data and the protection of privacy in the telecommunications sector and for the purpose of giving further effect to Directive 98/10/EC of the European Parliament .....

 

[view more...] Published on 10 March 2002

 

 

 

Data Protection (Amendment) Bill 2002

 

Bill entitled an Act to give effect to directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of the individual with regard to the processing of the personal data and on the free movement of such data, for that purpose to amend the Data Protection Act 1988 and to provide for related matters

 

[view more...] Published on 25 July 2002

 

 

 

S.I. No. 80 of 1990

 

Data Protection (Fees) Regulations, 1990. I, Ray Burke, Minister for Justice, in exercise of the powers conferred on me by section 17 of the Data Protection Act, 1988 (No. 25 of 1988), hereby, with the consent of the Minister for Finance, make the following regulations: 1. These Regulations may be cited as the Data Protection (Fees) Regulations, 1990.2. In these Regulations "the Act" means the Data Protection Act, 1988 (No. 25 of 1988).

 

[view more...]

 

 

 

S.I. No. 84 of 1989

 

Data Protection Act, 1988 (Section 5(1)(d)) (Specification) Regulations. I, Gerard Collins, Minister for Justice, being of opinion that the functions described in column 1 of the Schedule to these Regulations, being functions conferred by or under the enactments specified in column 2 of that Schedule, are designed to protect members of the public against the financial loss referred to in subsection (1)(d) of section 5 of the Data Protection Act, 1988 (No. 25 of 1988).......

 

[view more...]

 

Case Study 2 - Life assurance company and medical reports - access request denied

 

I received a complaint from a data subject who had not been given copies of medical reports, commissioned from independent specialists by a life assurance company in connection with her on-going income continuance claims – the Company had discontinued her claims on the basis that she was no longer fulfilling the definition of disability, as required under her policy.

 

In investigating this complaint, I reiterated  that the Data Protection Acts give people a statutory right of access to their data, including their medical records, and that this right can only be limited or set aside in very specific and narrow circumstances. 

 

The Company had cited the exemptions in section 5(1)(f) and 5(1)(g) as a basis for denying access to certain reports.

 

Section 5(1)(f) of the Acts provides that the right of access to personal data does not apply to personal data:

 

"(f) consisting of an estimate of, or kept for the purpose of estimating, the amount of liability of the data controller concerned on foot of a claim for the payment of a sum of money, whether in respect of damages or compensation, in any case in which the application of the section would be likely to prejudice the interests of the data controller in relation to the claim."

 

I considered that medical reports commissioned by a life assurance company are for the purpose of assessing a claim.  I found that the exemption in section 5(1)(f) permits a data controller, who puts on file an estimate of the amount of money that may be needed to meet a claim for compensation, to plead an exemption if the release of that estimate would be prejudicial.  The contents of the medical reports at issue in this case did not relate to estimating liability per se.  Rather, they related to whether or not there is a disability and opinions about capacity to work.  It was therefore my view that this exemption cannot be claimed in respect of medical reports.

 

The company also proposed to withhold other reports on the basis of legal privilege as provided in section 5(1)(g), as they believed that they would ‘seriously prejudice (their) defence in any action’.  Section 5(1)(g) provides that the right of access to personal data does not apply in respect of data :

 

“(g) in respect of which a claim of privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers.”

 

In assessing whether privilege could be claimed, it is necessary to look at the purpose of the referral to the doctor and specifically whether it was in anticipation of legal proceedings or to obtain legal advice.  My staff outlined to the Company that it is important  when a life assurance company commissions a report that the claimant fully understands the purpose of the examination e.g. the purpose being for the company to assess and to come to a decision on a claim.  Whether the reports were commissioned in anticipation or furtherance of litigation and thus attract privilege, falls to be determined on a case by case basis.

 

It was understood that the decision in this case might ultimately be challenged in court and the Company indicated that in their opinion there was a high likelihood of this. The exemption refers to a potential situation where ‘a claim of privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers’.  In this case, my staff considered that it was conceivable that such a claim could be maintained in a court.  Therefore, it was held that certain medical reports specified by the company may be withheld pursuant to section 5(1)(g) pending any court proceedings.

 

This case shows how the balance between a data subject’s right of access to personal data must be balanced with the legitimate interests of a data controller – in this case one who may possibly be facing litigation. In the event of litigation not taking place, the data controller would be required to review its decision.

 

 

Address

Office Premises
Synergy House
10, Oakview Drive
Clonsilla
Dublin 15
Ireland

Contact Info

Tel: +353 (0)1 8215189
Mobile: +353 (0)87 2326927
Email: info@synergy.ie

Find Us