skip to content
 

Data Protection Laws and Freedom of Expression: IrelandFile:Flag of Ireland.svg

 

I. First-Generation Statutory Law

Ireland adopted its first Data Protection Act in 1988.
 
Special Expression Derogation
Ireland’s 1988 Data Protection Act did not contain a derogation in favour of journalism or other forms of special expression.However, an exclusion was provided for any “operation performed solely for the purpose of preparing the text of documents” (s. 1(1)).
 
Broad Expression Derogation
No specific provision adopted. However, an exclusion was provided for any “operation performed solely for the purpose of preparing the text of documents” (s. 1(1)).
 
Personal Exemption
The Act did not apply to the processing of personal data kept by an individual and concerned only with the management of his personal, family or household affairs or kept by an individual only for recreational purposes (art. 1(4)(c)).
 
Knowledge Facilitation Framework
The law stipulated that data used for ‘statistical or research or other scientific purposes’ would not be regarded as having been ‘obtained unfairly by reason only’ that such purpose was ‘not disclosed when it was obtained’ so long as ‘no damage or distress is, or is likely to be, caused to any data subject’ and that such data could also be held indefinitely (sec. 2(5)). An exemption from reactive transparency (subject access) for data kept for the purpose of preparing statistics or carrying out research was set out but the results were not made available in an a form that identified any of the data subjects and (aside from certain enumerated exceptions) the data was not used or disclosed for any other purpose (s. 5(1)(h)).
 
Parliamentary Debates
Background
In contrast to a number of other countries, there was an “absence of any extensive Irish debate” prior to the enactment of Data Protection legislation in 1988 (Robert Clark, Data Protection Law in Ireland (Round Hall Press, 1990), p. 14).  On 15 July 1982 the Fianna Fáil Minister for Justice Seán Doherty stated that “[p]roposals on the protection of the privacy of computerised personal data, which would enable this country to give effect to the [Council of Europe] Convention, are now in course of preparation….The general intention is that the proposed legislation will provide for the basic principles of the data protection set out in the Convention”.   Consideration of such legislation was deferred by the next Fine Gael-Labour Party Administration which lasted from November 1982 through to March 1987.    Nevertheless, in 1985 the Joint Oireachtas Committee on Legislation did investigate and hear submissions on the need for both data protection and freedom of information legislation.    After the return of Fianna Fail to power, draft legislation was introduced into the Dáil on 19 October 1987.  
 
In most respects, the draft legislation which became the Data Protection Act 1988 was closely modelled on its British counterpart, the Data Protection Act (1984) (UK).  Following Second Reading, Committee and Third Reading in the Dáil took place on 28 June 1988.  The Bill passed all stages in the Seanad on 6 July 1988 and was signed by the President on 13 July 1988.[1]  Thus, commenting on the process of legislative enactment generally Robert Clark correctly notes that whilst the Act was
a complicated piece of legislation, debate in the Oireachtas was not extensive.  The Committee Stage in Dáil Éireann was shortened by guillotine and discussion on specific sections ceased on section 6.  The Committee Stage in the Seanad was shorted still. (Clark, 1990, p. 23)[2]
 
Special Expression Derogation
The Act did not exempt journalistic, literary or artistic activity from its ambit and made no special allowance for such activities. It is however the case that, similarly to the British scheme, the scope of the legislation was restricted via the definition of “processing” so as to exclude any “operation performed solely for the purpose of preparing the text of documents”.[3]  Nevertheless, in introducing the Act, the Minister for Justice not only gave a restrictive interpretation of latter phrase but, moreover, rationalized it via the need to exclude processing performing very limited and discrete functions[4] rather than via a need to protection freedom of expression. In sum he stated:
There is…an express exclusion in the definition of “processing” for an operation performed solely for the purpose of preparing the text of documents. The intention is to exclude the operation of word processors when used simply for that purpose.  A common example would be the despatch of a standard letter to many people where the names and addresses are kept on a word processor. Word processors are not excluded as such. Much word processing the [sic] is done of personal computers which are capable of automatically processing the personal data concerned.  Once they are used for purposes other than the preparation of documents, their operation comes within the scope of the Bill.[5]
There was no discussion during the parliamentary proceedings of the relationship between freedom of expression and data protection either in relation to media or more generally.
 
Personal Exemption
During the Committee stage of the Bill, an attempt was made to move an amendment so as to also exclude from the Bill personal data kept by a “club or association only for recreational purposes”.[6]  In rejecting the amendment, the Minister of Justice Gerry Collins stated that that:
Personal data kept by an individual for recreational purposes is intended to cover the keeping for one’s own use of computerised information on, for example, football results or other sporting statistics. Perhaps a better phrase might be “amusement purposes”.[7]
In contrast:
The bulk of personal data kept by a club or association would not be for such purposes but rather for the business of running the club – membership subscriptions, customer accounts and so on – which would not be very different from any other business. A club or association would have a lot of personal data on members and I see no justification for exemption for exempting them from the obligations imposed on every other body that keeps such data … Moreover, to exclude such personal data from the Bill would require a derogation from the convention [a reference to Data Protection Convention 108].  In the circumstances, I am not disposed to accept this amendment.[8]
Following this statement, the amendment was then, by leave, withdrawn.
 
Knowledge Facilitation Derogation
The legislative proceedings did include a brief discussion of the interaction between data protection and research, although this was largely confined to the medical arena. In introducing the Bill on Second Reading, the Minister of Justice Gerry Collins noted that the Council of Europe Data Protection Convention allowed for restrictions ‘on the rights of access, rectification and erasure with respect to personal data used for statistics or scientific research purposes when there is obviously no risk of an infringement of the privacy of the data subjects concerned’.[9]  In the same debate Dermot Ahern (Fianna Fail) asked the Minister whether her or his officials ‘will consider amending the definition under which it is intended to impose obligations on a data processor or a researcher’.[10]  The particular concerns of Mr Ahern were not, however, further specified and it does not seem his point was specifically responded to by the Minister. During the Second Reading in the Seanad, Professor Eogen noted with approval that there was a section in the proposed Act dealing with research. In his statement, he primarily focused on medical research, observing that it would have to adhere strictly to the code and questioning whether it is sensible to make medical consultants pay a registration fee. A different concern regarding the requirement to notify data being processed for medical research was raised by Mr Manning MP during the very final stages of the Bill. In sum, he stated that he had been approach by ‘a number of people involved in medical research’ who were afraid that the notify of sensitive data as set out in the Bill would require that ‘every piece of data would have to be described by them which would be laborious and extensive’.[11]  The Minister was able to offer reassurance that ‘only a general description’ of the data would be required and in response Mr Manning MP stated that reply ‘goes all the way to meet the worries of people involved in medical research’.[12]
 

II. Second-Generation Statutory Law

The Data Protection Act of 1988 was amended in 2003 thereby ensuring the transposition of Directive 95/46.
 
Special Expression Derogation
Ireland set out a broadly applicable permissive derogation based on public interest in view of the publication of any journalistic, literary or artistic material, which—pursuant to the controller’s reasonable belief—would be in the public interest and compliance would be incompatible with these journalistic, literary or artistic purposes (s. 22A). The permissive public interest test allowed for a derogation from data quality principles, the proactive direct and indirect as well as retroactive transparency rules, the sensitive information rules as well as the legitimating ground condition. In addition, there no requirement to notify such processing with the DPA. No special provision applied in relation to the international data transfer conditions.
 
Broad Expression Derogation
No special provision was adopted.
 
Personal Exemption
An exemption was provided for ‘personal data kept by an individual and concerned only with the management of his personal, family or household affairs kept by an individual only for recreational purposes’ (sec. 1(4)(c)).
 
Knowledge Facilitation Framework
The amended law provided an exemption for ‘statistical or research or other scientific purposes’ from the purpose incompatibility and time-limitation principles and stated that personal data would not be regarded as having been ‘obtained unfairly by reason only’ that such purpose was ‘not disclosed when it was obtained’.These provisions were subject to the condition that ‘no damage or distress is, or is likely to be, caused to any data subject’ (sec. 2(5)). As regards the sensitive data rules, Ireland did set out a knowledge facilitation derogation but restricted this to were necessary for medical research and this was carried out by a health professional or someone with akin confidentiality duty (sec. 2B(1)(viii) read with s. 2b(4)) or for statistical and related purposes in conformity with the Statistics Act 1993 (s. 2b(1)(ix)).  A statistics or research exemption was provided from reactive transparency (subject access) so long as data was not used or disclosed for any other purpose (other than legal proceedings under s. 8) and the results were not made in a form that identifies any data subject (s. 5(1)(h)).  The law also stipulated that data kept solely for historical research or archives or departmental records within he meaning of the National Archives Ac 1986 were exempt from all data protection principles, sensitive data rules and the legitimating conditions so long as such keeping ‘complies with the requirements as may be prescribed for the purpose of safeguarding the fundamental rights and freedoms of data subjects’ (sec. 1(3)(c)).
Parliamentary Debates
Special Expression Derogation
The special expression derogation was barely discussed in the legislative process or the parliamentary debates. Summing up the provision, the Minister of State at the Department of Justice, Equality and Law Reform, M Wallace, noted that privacy must be protected while at the same time recognizing the special importance of the public interest in the freedom of expression.[13] The same statement was reiterated by the Minister of State at the Department of Justice, Equality and Law Reform MR O’Dea when the Bill was introduced into the Dáli.[14] No further debates took place in this regard.
 
Broad Expression Derogation
No relevant debates.
 
Personal Exemption
No relevant debates.
 
Knowledge Facilitation Derogation
Minister of State at the Department of Justice, Equality and Law Reform, M Wallace, summarized the relevant provisions, noting that it was necessary to reconcile personal privacy considerations with the need of historical research, statistical requirements and scientific discovery.[15] When introducing the new proactive transparency requirements the Minister of State at the Department of Justice, Equality and Law Reform Mr. O’Dea stated “[t]here are important exemptions included here which mean, for instance, that the obligation to inform does not apply when data are processing for statistical, historical or scientific purposes where the provision of such information would involve disproportionate effort or where the information is required by law”.[16]
When the Bill moved to Committee, the Minister introduced an amendment to make clear that exemption in subsection 3C “in respect of data kept solely for the purpose of historical research includes archives or departmental as defined by the National Archives Act 1986”.  The rationale he offered was that ‘it is obviously important to ensure that archives and records are safeguarded for research purposes.  I expect that the Data Protection Commissioner and the director of the National Archives will work together to ensure clear and consistent guidelines in this area.  I am confident that this co-operation will ensure adequate protection for all archival material’.[17] This amendment was then agreed to without a division.
 

III. Third-Generation Statutory Law

Ireland new Data Protection Act in 2018.
 
Special Expression Derogation
Ireland set out a broadly worded exemption “including” for “journalistic purposes or the purposes of academic, artistic or literary expression” which is applicable insofar as compliance is incompatible with the exercise of the right to freedom of expression and information, having regard to the importance of the latter right in a democratic society (s. 43(1) and (2))).  The DPA is empowered by its own initiative to refer any questions of law as to whether the exemption applies to the courts (s. 43(3)-(4)).  These provisions do not explicitly establish the priority of the special expression derogation over the Knowledge Facilitation Framework.
 
Broad Expression Derogation
The new Irish Act provides for derogation from the GDPR for the purpose of exercising the right to freedom of expression and freedom of information in general, extending this beyond the specific GDPR special expressive purposes (expressed as “including” those special purposes) (s. 43(1)).  It is also stated that in order to take into account the importance of the right to freedom of expression and freedom of information in a democratic society, that right shall be interpreted in a broad manner (s. 43(5)).
 
Personal Exemption – see GDPR, art. 2(2)(c)
 
Knowledge Facilitation Framework – see also GPDR, art. 5(1)(b) (compatibility), art. 5(1)(e) (time limits) and art. 89(1) (appropriate safeguards)
The Irish Data Protection Act allows for the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes but only where suitable and specific measures have been taken to safeguard the fundamental rights and freedoms of data subjects; the processing is in accordance with Art. 89 GDPR and respects the minimization principles and where the relevant purposes can be fulfilled in this way processing does not permit or no longer permits identification of data subjects (sec. 42). The processing of special categories of sensitive data for these purposes is further permissible if necessary and proportionate. Data relating to criminal convictions and offences may only be processed under the control of an official authority, where required for Art. 89 GDPR purposes and and where carried out by or on behalf of a public body or public authority (s. 54). The processing for public interest archiving purposes is exempted from arts. 15-16 and 18-21 GDPR and for scientific, historical research or statistical purposes from arts. 15-16, 18 and 21 GDPR subject to the condition that the exercise of those rights would be likely to render impossible or seriously impair the achievement of those purposes; such restriction is necessary for the fulfilment of those purposes; and where processing serves another purpose at the same time, derogation applies only to the extent processing is for the specified purpose (s. 61).
Parliamentary Debates
Special and Broad Expression Derogation
In the Seanad Éireann debate, an amendment was introduced regarding the access to data processed for journalistic purposes made by any party, including an authorised officer, the Ombudsman Commissioner, the Revenue Commissioner or the Defence Forces. Such access was to be authorised by the High Court by motion and affidavit and on notice to the “journalist data processor”. In determining whether to allow access to data processed for journalistic purposes, the High Court was  to have regard to the importance of freedom of expression in a democratic society and to the importance of confidential sources of information to the right of freedom of expression. This amendment was described as being aimed at strengthening the protection of journalists and their sources. Deputy Charles Flanagan responded that the High Court permitting identification of confidential sources of information where a journalist ‘is the subject of investigation for suspected commission of a serious criminal offence’ raised issues that go beyond data protection. He asked what would constitute a ‘serious criminal offence’. Noting that he did not want to take from the importance of the proposed amendment, Deputy Flanagan argued that the balancing of the right of journalists to protect their sources would be a matter for the courts.[18]
In the Dáil Éireann debate, Deputy Thomas P. Broughan reiterated the importance of protecting journalists, asking the Minister of State whether the key recommendations made by Mr. Justice Murray in this regard were adequately implemented. Responding thereto, the Minister of State at the Department of Justice and Equality (Deputy Pat Breen) noted that access to journalists’ notes and the retention of personal data, including Judge Murray’s recommendations, would be implemented in a separate Bill, the Data Retention Bill.[19] During the question session at the Dáil Éireann, Deputy Brendan Howlin once again emphasized the importance of the protection of journalistic sources and a free press for a democracy. The Taoiseach noted that three complications were identified as regards the protection of journalists. The first related to the definition of ‘journalist’. Journalism was an unregulated profession. The second complication concerned the extent of the protection of journalistic sources. And the third the conditions under which sources could be revealed. However, no further elaborations were made on whether and how these complications were to be addressed.[20]
In the Select Committee on Justice and Equality debate, the beforementioned amendment was once again discussed. It was reiterated that this was a matter of concern for several journalistic and civil liberties organizations. These concerns were inter alia prompted by recent data breaches in significant media outlets. Deputy Charles Flanagan rejecting the amendment once again reiterated that the proposed Bill was not the ‘correct location for a far-reaching statutory provision of this kind’ and that it would be for the courts to balance journalistic protection of sources and data protection. Deputy Clare Daly concurred.[21] The amendment was eventually not adopted.
No further debates were recorded on either the special or the broad expression derogations.
 
Knowledge Facilitation Framework
In the Dáil Éireann debate, Amendment No. 1 was introduced by Deputy Mick Wallace to define ‘scientific research purposes’. During Committee Stage, Deputy O’Callaghan criticized that defining ‘scientific research’ without providing similar definitions for archiving or statistical purposes might not be ideal. Deputy Clare Daly responded that while this state of affairs was not ideal, it was important to clearly define scientific research, in particular in contradistinction to research serving corporate profits rather than the public good.[22] Minister for Justice and Equality, Deputy Charles Flanagan, responded that he would not accept the amendment as a definition of ‘scientific research’ would emerge at EU level.[23] Deputy Clare Daly later came back to the definition of scientific research purposes at the Committee Stage. The main point of contention for Deputy Daly was thereby the independence of research from any corporate influence necessary to be considered scientific. Deputy Mick Wallace concurred. Minister for Justice and Equality Deputy Charles Flanagan reiterated that there will be guidelines in this regard from the European Data Protection Board and a definition of ‘scientific research’ was therefore not possible. Deputy Jim O’Callaghan observed that the definition of ‘scientific research purposes’ would require the definition of other types of exemptions too.[24] Eventually, no definition of ‘scientific research’ was included in the law.
 

[1] The registration process began on 9 January 1989 and the rest of the Act, save for sections 6 (2)(b) and 10(7) (b) came into effect on 19 April 1989 (Clark, 1990, p. 23).
[2] In order to give context to Clark’s statement it should be noted that the Act was enacted had some 35 sections.  Therefore, only approximately 6% of the Bill received detailed legislative consideration.
[3] Data Protection Act 1988, s. 1(1)..
[4] And therefore not presumably posing the kinds of risks to privacy that genuinely “automatic” processing did.
[5] Dáil Debates, 17 November 1987, Vol. 375 at 843.
[6] Dáil Debates, 28 June 1988, at 2312.
[7] Emphasis added.
[8] Dáil Debates, 28 June 1988, at 2312-3.
[9] Dáil Debates, 17 November 1987, Vol. 375 at 837.
[10] Dáil Debates, 17 November 1987, Vol. 375 at 837.
[11] Seanad Debates, 6 July 1988, cols. 2078.
[12] Seanad Debates, 6 July 1988, cols. 2079.
[13] Seanad Debates, 24 April 2002, col. 1761.
[14] Dáil Debates, 24 October 2002, col. 330.
[15] Seanad Debates, 24 April 2002, col. 1771.
[16] Dáil Debates, 22 October 2002, cols. 1304-5.
[17] Select Committee on Justice, Equality, Defence and Women’s Rights Debates 12 February 2002.
[18] Seanad Éireann, ‘Data Protection Bill 2018: Committee Stage (Resumed)’ (6 March 2018) Vol. 256 No. 9 https://www.oireachtas.ie/en/debates/debate/seanad/2018-03-06/9/?highlig... (last accessed 3 August 2020).
[19] Dáil Éireann, ‘Data Protection Bill 2018 [Seanad]: Second Stage (Resumed)’ Vol. 967 No. 5 https://www.oireachtas.ie/en/debates/debate/dail/2018-04-18/34/?highligh... (last accessed 3 August 2020).
[20] Ibid.
[21] Select Committee on Justice and Equality, ‘Data Protection Bill 2018: Committee Stage (Resumed)’ (3 May 2018) https://www.oireachtas.ie/en/debates/debate/select_committee_on_justice_... (last accessed 3 August 2020).
[22] Dáil Éireann, ‘Data Protection Bill 2018 [Seanad]: Report Stage’ Vol. 969 No. 1 https://www.oireachtas.ie/en/debates/debate/dail/2018-05-15/33/?highligh... (last accessed 3 August 2020).
[23] Ibid.
[24] Select Committee on Justice and Equality, ‘Data Protection Bill 2018: Committee Stage’ (2 May 2018) https://www.oireachtas.ie/en/debates/debate/select_committee_on_justice_... (last accessed 3 August 2020).