New Data Protection Laws
The EU Commission’s commitment to update the European Union’s data protection laws provides us with an ideal opportunity to fundamentally rewrite the laws to take into consideration the massive impact technology has on privacy.
Fintan Lawlor represented Mr Michael Collins when his client took a case against FBD insurance for breaching the Data Protection law and used the information to deny him his right to have a claim for the theft of his van assessed and settled. (click to view details of the Data Protection Decision).
“I welcome the EU’s initiatives requiring companies to seek explicit consent before they re-use personal data, to provide people with access to their own private data and allow them the ability to transfer it to another service provider more easily.
However I believe that the EU should go further. Most believe that such information relates to forms completed by the client or financial and tax details. As can be seen by my client’s case, hearsay and innuendo gleaned by private investigators in the neighbourhood is also ‘valid tender’ in the data sector.
Mr Lawlor said that the EU and the Irish legislators need to take into consideration the dangers of the use of information provided by private investigators. The methods of sourcing, substantiating and disseminating such personal information by private investigators must be regulated.
“It is also timely that the use of social media – Twitter, Facebook and YouTube – is included in Data Protection laws. The EU will be reinforcing the ‘right to be forgotten’, so that people will be able to have their personal data deleted if a business or other organisation has no legitimate reasons for keeping it. However it is impossible to achieve this if such information is already shared on the social media outlets,” Mr Lawlor said.
Last month, three well known insurance companies pleaded guilty to illegally using social welfare data which they had obtained through a private investigator. The private investigator in question was a retired Garda whose daughter-in-law was a former employee of the Revenue Commissioners.
He asked her to access files of people who had claims against Quinn Insurance. The insurance companies offered to donate €20,000 to charity.
“While this may be a step forward in the name of data protection, it fails to compensate the individuals in question whose right to privacy were breached. Section 7 of the Data Protection Acts 1988 and 2003 provide that individuals whose data rights have been breached can seek redress through the court. This right has not yet been exercised until now,” he said.
“My client was a victim of a robbery in which his van was stolen. His insurance company subsequently refused to pay out on the policy on foot of an alleged non-disclosure of a previous conviction. The Office of the Data Protection Commissioner found that they had breached two provisions of the Data Protection Acts 1988 and 2003. My client exercised his right to compensation.”
Mr Lawlor said that it was apparent that there were two types of privacy. The first is that which applies to the wealthy and well know who enjoy the right to super injunctions and other legal rights to protect them from their own indiscretions and misjudgements.
“The other type of privacy applies to everyday citizens whose data is illegally accessed by State bodies, insurance companies, banks and other organisations. If you form part of the latter group it may not be so straightforward to access justice in this regard.
“Despite the existence of clear, defined legal guidelines on Data Protection, the privacy rights of countless ordinary citizens are breached everyday with no repercussions for the perpetrators. The collection and retention of data is so inextricably intertwined in our daily routines that it can be invisible and go unnoticed which makes it easier for data controllers to use and abuse our data,” Mr Lawlor highlighted.