Kilroys Solicitors - boardroom picture Kilroys Solicitors - Logo
Kilroys Solicitors - Logo Kilroys Solicitors - Logo
Financial Services Sector
 Insurance Sector IT sector Public Tendering Sector Motoring Sector Telecoms Sector
Kilroys Solicitors - Home page
Kilroys Solicitors - About us
Kilroys Solicitors - Partners
Kilroys Solicitors - Areas of Practice
Kilroys Solicitors - The Library
Kilroys Solicitors - eBusiness in Ireland
Kilroys Solicitors - Careers
Kilroys Solicitors - links
Kilroys Solicitors - Contact us
Kilroys Solicitors - Search this site
Kilroys Solicitors - Terms of use
ezine subscription
Subscribe  


<<< Back to main article
Privacy and Data Protection

It is likely that personal data will be processed whenever individuals interact over the Internet. Personal data is usually understood to mean data, which refers to living persons.

EU Law

The provisions of the EU Data Protection Directive (95/46/EC) requires member states to conform their domestic laws on the processing and free movement of personal data by the 24th of October 1998. With the enactment of the Data Protection (Amendment) Act 2003 on the 10th of April 2003 Ireland finally transposed the remaining sections of the Data Protection Directive into Irish Law.

The Directive seeks to regulate the collection, processing and dissemination of personal data relating to living persons resident within the EU. The collection of such data is not restricted. However, it may only be collected for "specified explicit and legitimate purposes". It must not be processed in a way that is inconsistent or incompatible with the primary purpose for which the data was first collected.

The Directive provides that member states cannot block the transfer of personal data within the European Economic Area (EEA). However, the rules governing the export of data to countries outside the EEA are more stringent. Such transfers to countries with inadequate data protection legislation is prohibited.

The EU and the United States concluded an agreement whereby a set of guidelines known as "The Safe Harbor Principles" were negotiated. These principles constitute a self-certification procedure. US corporations seeking to import personal data from the EU must certify with the US Department of Commerce that they have procedures in place, which protect the unauthorised use or exploitation of such personal data.

The EU has also recognised that Hungary, Switzerland and Canada have adequate data protection legislation in place.

Irish Law

The Irish Constitution recognises the right to privacy. The first piece of domestic legislation in this area was the Data Protection Act, 1988 which introduced the 1981 Strasbourg Convention into Irish Law. The Data Protection (Amendment) Act, 2003 has transposed fully the provisions of the EU Data Protection Directive.

The 2003 Act makes important changes to Irish legislation in this area including the following:
  • The principles dealing with "fair processing" of personal data have been modified and extended.
  • There are new rules governing the use of personal data for direct marketing purposes.
  • The transfer of personal data to countries outside the EEA will be subject to new controls.
  • The rights for individuals to access their personal data are strengthened.
  • The powers of the Irish Data Protection Commissioner have been extended.
  • There are new requirements for annual registration with the Data Protection Commissioner.
  • The requirements concerning keeping personal data secure are strenghtned.
  • Any business outsourcing the processing of personal data (i.e. payroll) will have to have appropriate contractual agreements in place with the data processor concerned.
The main provisions of the 2003 Act will come into full force from the 1st of July 2003.

For further information or general enquiries contact: -
Patrick Ryan
Email: pryan@kilroys.ie
Telephone: +3531-439 5600
Fax: +3531-439 5601/439 5602

© Kilroys Solicitors 2002 - 2003