Thursday, 1 August 2013

The Right to Privacy in Ireland: Irish state bodies make 10,000 request for personal information every year

Irish Times - Thu, Jul 25, 2013

State agencies target Irish phone and internet records

Up to 10,000 requests for information made annually in Ireland - compared with just 326 for Austria

Irish authorities made 27 times as many requests for people’s stored phone and internet use data compared to law enforcement agencies in comparably sized Austria, according to submissions to the European Court of Justice (ECJ) in Luxembourg.

The information was supplied in a day-long hearing on July 9th by parties to an ECJ case which is considering the legality of the European Data Retention Directive (2006/24/ EC), which allows member states to store data on daily call and internet activity for the EU’s 500 million residents.

The case originates in a challenge to the constitutionality of Ireland’s data-retention laws, taken by privacy advocates Digital Rights Ireland. The case was referred by the Irish High Court to the ECJ.

Ireland, which stores Irish residents’ landline and mobile call access data, as well as some data related to internet usage, for two years, told a panel of ECJ judges that “6,000 to 10,000” requests were made annually under Irish law.

The directive limits the use of such data to combating serious crime and terrorism.

Retention statistics
Counsel representing Austria said authorities there had made 326 requests for data in a recent one-year period.

The UK refused to disclose figures at the hearing.

It is not clear to what the figure of “6,000 to 10,000” requests presented by Irish counsel to the ECJ refers.

According to statistics released in a 2012 European Commission report by member states on data requests made in 2010, and cited at the hearing as evidence in support of the directive’s implementation, Irish authorities – comprising the Garda, Revenue Commissioners or Defence Forces – made 14,928 data orders.

The Department of Justice released 2011 figures last week, confirming 12,675 data requests.

Asked this week by The Irish Times to clarify whether the figures presented were an average or if they referred to as yet unreleased 2012 data request figures, a spokesman for the Department of Justice said: “The communications data retention statistics for Ireland for 2012 are in the order of 9,000 requests.”

The spokesman declined to offer further detail on the nature of the requests, stating: “It is not the practice nor would it be in the public interest to go into further detail of the provision of the data to the relevant authorities.”

Asked whether Ireland had a much higher rate of serious crime than Austria, the department responded: “The operation of data retention regimes in other EU member states is a matter for the authorities of those states.”

The European Court of Justice is focused on whether the European Union’s Data Retention Directive, which allows states to choose a retention period of six months to two years, represents a proportional approach to ensuring that some call and internet data are available for law enforcement and security needs.

Data requests

Unusual for the ECJ, the hearing concentrated on human rights aspects of data retention, in particular how the directive fits with articles 7 and 8 of the Charter of Fundamental Rights of the European Union.

According to the European Commission’s 2010 study, for those countries that supplied (often incomplete) information, the vast majority of data requests were made within the first three months of the data being created, and most of the remainder in the first six months.

Personal data of creche staff posted online

Irish Times - 30th July 2013

Personal data of creche staff posted online ‘outrageous’

The body representing childcare providers has said it is “outrageous” for personal information on staff to be posted online as part of the publication of HSE inspection reports.

Staff References

The HSE said it was unable to respond yesterday evening to a query about the posting of the staff references. The Data Protection Commissioner was unable to say if the postings were a data breach. The report on Clifden Community Playgroup had been taken off the website last night.

Character references for three staff at Clifden Community Playgroup in Co Galway were included in a report posted online. The references were sent into the HSE by the playgroup following an inspection in May 2012 when it was told references for all staff had to be made available.

The inspection report was posted online in recent days by the HSE and it included, as it often does, the reply of the childcare provider indicating changes made after concerns were raised. But in the case of the Clifden Community Playgroup it also included the character references of three staff which the playgroup sent in.

“It is outrageous that references would be put up online. It is simply not fair if they are putting up personal information,” said Irene Gunning, chief executive of Early Childhood Ireland, which represents the majority of creches and childcare providers.

The HSE began posting the creche reports online earlier this month in a move to make the childcare system more transparent for parents. It follows an RTÉ documentary in June which highlighted mistreatment of children at three creches.

So far, reports for childcare providers in four counties have been posted online – Limerick, Mayo, Clare and Galway. Many reports show creches and childcare providers do not have adequate records for staff in relation to Garda vetting and references. Early Childhood Ireland has said delays of 12 weeks for getting Garda vetting makes it difficult for childcare providers to be compliant on this.

Galway reports, which were posted up late last week and yesterday, highlight infrastructure deficiencies in some creches, including broken toilet seats, peeling paint and mould.