Irish Data Protection Act
In order to protect its citizens, Ireland released its Data Protection Act of 1988with very heavy standards of protection. The Act was amended in 2003, and that amended version currently serves as the basis for Irish data protection. As with other acts of this nature, Ireland’s goal is to make sure that its citizens’ data is only in the hands of the proper intended recipients and only used for its intended purposes.
Background and Definitions
Before discussing Section Eight of the Act, which details certain rights of data subjects, it’s important to introduce some vocabulary. A data subject is the individual from whom the data originates. A data controller is a person or entity that has been given authorization to handle the data of another person. Processing refers to any operation taken with regard to the data; this could mean collection, storage, organization, dissemination, or destruction of the data.
Section Eight Compliance
Section Eight of Ireland’s Data Protection Act deals with rights provided to a data subject. Subsection one of part A of this section gives the data subject power to request that a data controller stop processing certain data that the subject has provided. This type of request must be served on a data controller in writing, and it has to be made for specific reasons that involve the risk of unwarranted, substantial damage or distress to the data subject or a third party. Under this section, a data subject can only object to processing that is considered to be necessary for the completion the data controller’s goal for collecting the data or to complete a task that is in the public interest.
Subsection three prevents a data subject from taking action to prevent processing under subsection one if the subject has given explicit permission to the the controller to process the data or if the processing is necessary to fulfill any contractual or legal duties on the part of the subject. That is, if the data subject has previously OK’d the processing, or if the processing is part of an established contract, the subject can’t take back permission later on. Additionally, subsection one does not apply to processing conducted by political candidates running for election or politicians holding office.
Once a notice is served under subsection one, the data controller has 20 days to respond to the notice stating whether or not it will comply with the notice and, if it will not comply, the reasons for noncompliance. If the controller fails to comply with a notice that the Commissioner of the Act thinks is valid, the Commissioner has the ability to order the controller to take the steps necessary to comply with the notice. Any processing that may have any significant or legal effects on a data subject cannot be completed automatically. Put another way, a human must play a role in the processing of data that will have significant or legal effects on the data subject.
For more information about data protection, contact Revision Legal’s team of experienced internet attorneys through the form on this page or call 855-473-8474.
Image credit: Flickr user StockMonkeys.com
Affiliate marketers face FTC disclosure requirements, false advertising liability, and data privacy obligations. Learn the best practices to stay legally compliant and protect your business.
Read more about FTC Compliance for Affiliate Marketers: How to Avoid Legal Trouble
Affiliate marketers can face legal liability for promoting defective or misleading products. Learn what the FTC requires, when you can be sued, and how to protect yourself.
Read more about Affiliate Marketing Liability: Can You Be Sued for Promoting a Bad Product?
The USPTO’s failure-to-function doctrine rejects trademarks that don’t identify a unique source. Learn what causes these refusals, why distinctiveness matters, and how to choose a stronger mark.
Read more about Trademark Failure to Function: Why the USPTO Rejects Trademarks and How to Avoid It