1 Relevant Legislation and Competent Authorities

1.1 What is the principal data protection legislation?

The Data Protection Acts 1988 and 2003 ("DPA"), which set out the general principles applicable to data protection, and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 ("E-Privacy Regulations"), which deal with specific data protection issues relating to use of electronic communication devices, and particularly with direct marketing restrictions. A number of statutory instruments have also been adopted pursuant to the DPA, dealing with matters such as registration requirements.

1.2 Is there any other general legislation that impacts data protection?

Freedom of Information Act 2014

The Freedom of Information Act 2014 provides a legal right for persons: to access information held by a body to which FOI legislation applies; to have official information relating to himself/ herself amended where it is incomplete, incorrect or misleading; and to obtain reasons for decisions affecting himself/herself.

The Protected Disclosures Act 2014 (the "Whistle-Blowers Act")

This introduced legislation in relation to whistle-blowers in Ireland for the first time.

Criminal Justice (Mutual Assistance) Act 2008, Part 3

This provides for various forms of mutual legal assistance to foreign law enforcement agencies.

S.I. No. 337 of 2014 – Data Protection Act 1988 (Commencement) Order 2014 and S.I. No. 338 of 2014 – Data Protection (Amendment) Act 2003 (Commencement) Order 2014

This makes it unlawful for employers to require employees or applicants for employment to make an access request seeking copies of personal data which is then made available to the employer or prospective employer. This provision also applies to any person who engages another person to provide a service

1.3 Is there any sector specific legislation that impacts data protection?

S.I. No. 83/1989 – Data Protection (Access Modification) (Social Work) Regulations 1989

This outlines specific restrictions in respect of social work data.

S.I. No. 421 of 2009 – Data Protection Act 1988 (Section 5(1)(D)) (Specification) Regulations 2009

This outlines the exemption from the DPA in respect of the use of personal data in the performance of certain functions of the Director of Corporate Enforcement and inspectors appointed by the High Court or Director of Corporate Enforcement.

S.I. No. 687/2007 – Data Protection (Processing of Genetic Data) Regulations 2007

This outlines restrictions in respect of processing genetic data in relation to employment.

S.I. No. 95/1993 – Data Protection Act 1988 (Section 5 (1) (D)) (Specification) Regulations 1993

This outlines the exemption from the DPA in respect of the use of personal data in the performance of certain functions of the Central Bank, the National Consumer Agency, various functions performed by auditors under the Companies Acts, etc.

S.I. No. 81/1989 – Data Protection Act, 1988 (Restriction of Section 4) Regulations 1989

This outlines the restriction on the right of access to information on adopted children and information which the Public Service Ombudsman acquires during an investigation.

S.I. No. 82/1989 – Data Protection (Access Modification) (Health) Regulations 1989

This outlines certain restrictions in the right of access relating to health data.

1.4 What is the relevant data protection regulatory authority(ies)?

The Office of the Data Protection Commissioner ("ODPC") is the data protection regulatory authority. In 2014, Helen Dixon was appointed as the Data Protection Commissioner, succeeding Billy Hawkes.

To view the full report please click here.

Previously published by Global Legal Group

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.