GDPR and the Irish Data Protection Bill
During the last 12 months, businesses had to focus heavily on their readiness for the incoming European General Data Protection Regulation (GDPR). In May 2017, the Irish Government published the General Scheme of the Data Protection Bill 2017. This provided some insight into the Irish Government's legislative intent and approach towards those provisions of the GDPR where Member States are afforded a margin of flexibility.
Some of the most notable proposals in the Scheme centre on reforming the office and powers of the Data Protection Commissioner. The Government's enhancement of the Commission's powers comes ahead of the additional GDPR workload coinciding with the introduction of the 'one-stop-shop' mechanism and the new resource-intensive elements of investigation. The Data Protection Commissioner is to be replaced by a new entity, the "Data Protection Commission" (Commission). The entity will comprise up to three individual Commissioners or officers. The investigative and adjudicative processes within the Commission will be separated and enhanced investigative powers are proposed for authorised officers of the Commission. The procedure governing the Commission's supervision and enforcement powers are also set out, increasing the investigatory powers of the Commission as well as documenting how it will impose fines and penalties.
EU guidance on processing employee personal data
In June 2017, the Article 29 Working Party, the collective group of European data protection authorities, adopted new guidance on data processing in the workplace due to the increase in the amount of personal data collected. It also focused on the rise of new forms of data processing and new technologies in the workplace which may allow for the systematic and potentially invasive processing of employees' personal data. The guidance primarily focuses on data processing under the current data protection directive, but also considered employers' obligations under the GDPR. This guidance is instructive for employers as it highlights the relatively conservative views of EU regulators on the use of new technologies at work.
Employers need to carefully consider which legal grounds they currently rely on in order to process employee personal data, bearing in mind the challenges in obtaining valid employee consent.
Growth of FinTech
FinTech is an area that we predicted would continue to thrive throughout 2017 and this has certainly been the case. The vibrancy of this sector was reflected in the publication of a FinTech consultation paper by the European Commission. The FinTech paper asked Financial Services Providers (FSPs) and consumers how FinTech could improve access to credit and other financial services and reduce costs while ensuring adequate protection of customer data. This allowed interested parties to give their views on pressing questions facing FSPs, consumers and regulators.
We expect the Commission to launch an EU strategy for FinTech in 2018, which will be based on the responses it has received to the consultation and the work of its FinTech Task Force. It remains to be seen what measures will be introduced on foot of the responses to the consultation to tackle the rising cost of compliance and to promote access to cross-border services for consumers of financial services.
What's on the horizon for 2018?
2018 promises to be another exciting year of development in technology and data protection law. The GDPR is due to come into force on 25 May 2018 and businesses will be busy finalising their data protection compliance. We expect the interaction between the regulation of big data analytics, artificial intelligence (AI) and robotics to come to the fore. In the FinTech space, it is likely that some companies raising funds will consider the benefits of crowd-funding and initial coin offerings (ICOs). It will also be interesting to follow the legal developments around crypto-currencies such as Bitcoin, Ethereum and Ripple.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.