Data protection is about controlling organisations that have our personal data
Fred Logue
PhD, MIEMA, CEnv | Solicitor | Environment, Planning & Information Law | FP Logue LLP
The Irish Data Protection Bill was published last week representing one of the final steps in the reform of data protection law in Europe.
The new data protection regime gives people unprecedented power to control how organisations deal with them and to seek compensation when the rules are broken.
In three months time a major reform of data protection law will come into force handing individuals a powerful set of tools to control how organisations that use their personal information deal with them. While it is true that we have had these laws for almost 30 years, the GDPR reform means that it should now be much easier for individuals to enforce their rights against organisations who use their personal information.
The new data protection regime gives people unprecedented power to control how organisations deal with them
The key to understanding this power is to realise that once someone has your personal data you have a legal relationship with them and that legal relationship is called data protection law. That's what makes data protection so powerful.
However, if you think about it, the power to control your personal information is also the power to control your relationship with the organisation that uses it. This is a game changer.
One of the cornerstones of data protection law is that your personal data can only be used by someone else for a specific purpose and most of the time they are obliged to tell you in advance what that purpose is. It might be a bank, a doctor, the state, the police or a social media platform, you might not have a contract with them, you might not even be aware that they are using your personal information. But in every case you have legal rights that can be enforced.
The chances are if something goes wrong with the purpose something has gone wrong with your personal information. It may be inaccurate or incomplete leading to incorrect decisions about you, it may be that it has been given, or indeed sold, to someone else without your knowledge, in many case accessing information that someone else holds about you can help you resolve a dispute with them.
The great thing about the new data protection rules is that it is easier than ever to enforce your rights. Everyone can complain free of charge to the Data Protection Commission which will investigate to see if the law has been broken. Not only that, everyone has a right to go to court. You can even ask a non-profit organisation to do this for you which takes the risk and the effort out of enforcing your rights.
The final thing is that the state has very limited scope to restrict your data protection rights. Even if it tries to bring in restrictions that aren't allowed under the rules the authorities have to ignore those restrictions and make sure the rights given to you under EU law are applied.
It's in everyone's interest to ensure that the GDPR is faithfully implemented in Ireland so that individuals are protected and that they have a right to complain to the Data Protection Commission. Equally we need to make sure that the state doesn't try to exempt itself and favoured sectors from the rules unless there are good public interest reasons for doing so.
We'll be hearing a lot of about this over the next month or two. Stay tuned for more updates.
Sonia McEntee Solicitors I Council Law Society of Ireland I Business All-Star 2021-2023 I Fellow AIBF
6 年Fred Logue, good article. Short and to point. The rules have been there for years, the enforcement is what is different. Anyone responsibly handling data up to now, should have little to fear. There’s a huge amount of scaremongering at present, this needs to be brought back to simple principles so all organizations can meet the standards.