Data Protection
The Public Services Card- An ID database and ID card
There is an excellent article by Elaine Edwards online (but not in the paper) regarding a pensioner whose pension payments have been stopped because she declined to submit to the biometric scanning and so on involved in being given an Public Services Card. This card has been, to be charitable, inaccurately referred to as voluntary by Minister Pascal Donoghue. However, if you don’t agree to submit to the carding process (which involves a biometric scan of your face, as well […]
Painful Pincers at the Border
The UK government has issued the outlines of a new Data Protection Bill. It will be a substantial piece of work because it will replicate the General Data Protection Regulation (GDPR). The GDPR is EU law and is directly effective in all Member States including the UK, on 25th May 2018. The UK Brexit plan requires “replication” rather than “supplementation” because the UK has no intention of cutting itself free of EU “red tape”, if it is in the form […]
The IBM Complex
Reputedly, corporate America values conformity, hence the maxim – “Nobody ever got fired for hiring IBM” – applied to the purchase of materials or services. This approach fails to understand the drawbacks of conformity and the failure to understand both IBM and the real world. In Sweden the Transport Agency hired IBM to manage its vehicle registration and drivers’ licence database. The price, not relevant here, was €100 million. In the events that have happened, IBM did not understand that […]
Digital Rights Ireland: Application for a Trial of Preliminary Issue
In January 2012, in the case of Digital Rights Ireland Ltd. v The Minister for Communications & Ors., the High court referred certain questions to the CJEU (ECJ) under Article 267 TEU. In the events that happened the ECJ struck down or found invalid Directive 2006/24/EC in the course of the hearing of the referred questions. The High court is now hearing the parties (Digital Rights Ireland Ltd. and the Minister for Communications & Ors.) in the resumed proceedings, interrupted […]
GDPR – Start now!
If you do not know about the personal data you hold, you cannot comply with the GDPR. So, trace the flow of personal data in your company. Bear in mind that the personal data of employees is covered by the GDPR. Compliance with the GDPR will involve those self-same employees. They will need training in the application of the principles of the GDPR in your organization. Possibly you are obliged to appoint a Data Protection Officer (DPO). If so, even […]
GDPR and Brexit (whatever that means)
There is probably a book yet to be written on the interplay between the General Data Protection Regulation and Brexit, but some elements can be seen now. Unusually, the GDPR permits the introduction of some national legislation on data protection issues. They include occasions where a legal obligation mandates the processing of personal data, or the processing relates to a public interest task, or the processing is carried out by a body with official authority. There are others. As a […]
GDPR; Personal data belongs to people
The EU deferred the application of the GDPR personal data rules for two years to allow organisations to make the necessary internal changes to reach compliance. The first, and possibly the most difficult, is to perceive what is stated in the title here; personal data belongs to the data subject. Personal data, collected by you, is not owned by you. Think of it as money. Less than one year from now, your organisation must be able to account for personal […]
Why bother with the GDPR?
Here is news that was not (to my knowledge) on RTE. Deep Root Analytics maintained a database on an estimated 62% of the population of the USA. It contains what is known as “sensitive” information on the population. It is being used to profile the US population. The GDPR is designed to prevent the processing of exactly such a database as Deep Root Analytics possesses. Companies like Deep Root Analytics believe that the information they have collected is theirs, not […]
Spoiling the Ship
When the EU passed the GDPR as directly effective law it deferred the implementation of the GDPR for two years to allow organisations to make the necessary changes to comply with the law. One year of that two year period has passed. Many companies and organisations have not even begun to make the necessary changes. For some of them, there is not now enough time to make the necessary changes to reach compliance by 25th May 2018. There is a […]
GDPR; Getting ready for Privacy by Design
Article 25 GDPR requires organisations to adopt privacy by design and by default. Generally, these will come as new principles in data protection implementation to many of the organisations obliged to adopt those principles before 25th May 2018. That’s the date the Regulation comes into force. Failure to do this will be easily detected; under Article 30 GDPR organisations are obliged to establish and maintain a register of data processing activities. Implementation of privacy by design and by default should […]