6th Newsletter -> 12 - 18 August 2016

Irish DPC has no authority to conduct oral hearings


The Irish High Court has ruled that the Irish Data Protection Commissioner (DPC) does not need to hold oral hearings for people who believe they have suffered a violation of their data privacy rights. The judgment, delivered by Mr Justice Robert Haughton, followed a case involving Kevin Martin, a member of the Irish police (Garda), who claimed his credit union showed his confidential financial statements to his father and indicated his loans were in trouble. He claimed his data protection rights were breached when a representative of the credit union turned up at his father’s home and shared information with him. After the credit union denied his allegations, Mr Martin sought an order for the DPC to hold an oral hearing.

Mr Justice Haughton ruled that neither the EU data protection directive of 1995 nor the Irish Data Protection Acts of 1988 and 2003 give the DPC the power to hold such a hearing. Furthermore, the Irish Data Protection Commissioner, Helen Dixon, stated that the law does not give her the power to administer an oath, compel the production of documents or compel the attendance of witnesses. There was also no established practice of conducting oral hearings among the data protection authorities of EU member states.




_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


“Over-the-top” Service Providers to face tougher rules under the new e-Privacy regulations


According to internal European Commission documentation, the Commission plans to extend rules on the security and confidentiality of communications to also include the so-called “over-the-top” (OTT) communication service providers, such as WhatsApp and Skype. The existing e-Privacy rules require that communications and related traffic data be kept confidential by providers of public communications networks and publicly available electronic communications services. More specifically, the rules prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, with the exception of national security reasons. The Commission is due to make an initial announcement in September and present detailed plans for legislative review later this year.




_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


UK ICO issues a fine of £40,000 


Regal Chambers, a General Practitioner (GP) practice that revealed confidential details about a woman and her family to her estranged ex-partner, has been fined £40,000 by the Information Commissioner. The practice gave out the information despite staff being warned that this might happen. In 2014, the ex-partner formally requested the medical records of his son with the woman under section 7 of the Data Protection Act (a Subject Access Request). The GP surgery handed over the full 62-page medical file, which included the woman’s contact details, as well as those of her parents and of an older child to whom the man was not related.

An ICO investigation found that the GP practice had insufficient safeguards in place to prevent the unauthorised release of personal data to people who were not entitled to see it. Furthermore, the investigation revealed that staff did not receive adequate guidance or supervision about what could be disclosed and what should be withheld. The ICO issued the fine of £40,000 due to the serious nature of the breach.




_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


Windows 10 disregards user choice and privacy


The Electronic Frontier Foundation (EFF), a nonprofit organisation defending civil liberties in the digital world, has posted an in-depth analysis of how Microsoft handles user data and respects privacy in its data collection in Windows 10. The EFF states that in several cases Microsoft installed the Windows 10 operating system on users’ computers without first obtaining their consent. Furthermore, Microsoft is currently violating users’ privacy by collecting an excessive amount of data, which the company sends from computers running the Windows 10 operating system to its servers for further inspection. The EFF agrees that this data is collected with the intention of improving certain features of Windows 10 and that users are allowed to opt out of or disable such practices, but says such behaviour by Microsoft should be changed to fully respect the privacy of users.




_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________