We discuss some of 2017's hot topics and look ahead to likely developments during the coming year.

Privacy Rights and Dawn Raids

One of the most important decisions delivered by the Supreme Court in 2017 demonstrated the importance of protecting individuals' rights to privacy when conducting regulatory investigations. In CRH plc v Competition and Consumer Protection Commission (CCPC), the Supreme Court held that the CCPC should have sought to ensure that the privacy rights of personnel were protected when searching for and seizing material during an investigation. The Supreme Court also suggested that the CCPC consider preparing a code of practice for future investigations. A more detailed analysis of the judgment is available here.

This case demonstrates the importance for any public body with investigatory powers to take advice on the extent of those powers, as the express powers in governing legislation may be affected by, for example, the Irish Constitution, the European Convention on Human Rights, the European Charter of Fundamental Rights and data protection law, including the forthcoming GDPR regime.

ECJ rules that written examination answers constitute personal data

In December 2017, the Court of Justice of the European Union (ECJ) ruled that written answers submitted by a candidate in a professional examination constitute personal data relating to that candidate as the answers reflect his/her knowledge and competence, intellect, thought processes and judgment. The ECJ also held that any comments made by an examiner in relation to those answers constitute personal data relating to the candidate.

This ruling is likely to mean that bodies setting professional examinations will be obliged to release written answers of candidates, as well as the examiner's comments regarding those answers, once a data access request is received from a candidate.

While the ECJ ruling related to written answers in a professional examination, we understand that the State Examinations Commission, which is responsible for the assessment/accreditation of the Junior Certificate and Leaving Certificate examinations, is currently reviewing the decision and considering whether it may have any implications for those examinations.

Statutory obligation to conduct Garda vetting 

2017 saw an increased focus on the statutory obligation on organisations to conduct Garda vetting. This is as a result of the requirements set out in the National Vetting Bureau (Children and Vulnerable Persons) Act 2012, as amended.

Subject to statutory exemptions, a relevant organisation is prohibited from employing, contracting, permitting or placing a person to undertake relevant work or activities relating to children or vulnerable persons, unless it receives a vetting disclosure from the National Vetting Bureau.

The Act provides that relevant work or activities relating to children or vulnerable persons includes any treatment, therapy or counselling provided to a child or vulnerable person. It also includes the provision of educational, training, cultural, recreational, leisure, social or physical activities predominantly to children or vulnerable persons.

The relevant organisation bears the statutory obligation to obtain a vetting disclosure and any failure to meet this requirement is a criminal offence. The penalties include fines of up to €10,000 and/or imprisonment for up to five years. Given that the obligation to obtain vetting disclosures extends to organisations, such as public bodies and charities, contracting persons, or permitting persons to carry out relevant work/activities on behalf of the organisation, organisations should carefully consider the requirement to obtain vetting disclosures pursuant to the Act.


These topics highlight the importance for organisations to be aware of governance and compliance requirements applying to your organisation. Sometimes legislation which you might consider to be of no relevance to your organisation, based on the express powers in governing legislation, may in fact be deeply relevant. Accordingly, these obligations may need to be incorporated into your operational policies and procedures. Human rights, data protection and vetting legislation are just three examples of where these issues might arise.

What's on the horizon for 2018?

Governance and compliance will remain in the forefront for both the public and private sectors, particularly with the implementation of the GDPR.

Given the minority government, the passing of legislation inevitably takes longer. However, we await developments in relation to a number of important pieces of legislation. For example, we look forward to the publication of the Regulated Health Professions (Amendment) Bill. It is hoped that the Bill will crystallise important amendments to certain legislation, including the Medical Practitioners Act 2007 and the Nurses and Midwives Act 2011.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.