Data Protection Act

Data Protection Act (1988)
The following blog will outline the importance of the Data Protection Act and discuss some contemporary issues in an online context.

Act & Commissioner
The Data Protection Act (DPA) is an important piece of legislation aimed at safeguarding the rights of an individual’s personal data. If you collect, store or process any data on living people, you are bound to comply with the Act. The DPA follows eight principles or rules, listed below, which relate to any type of data.

Eight Principles of Data Protection

Eight Principles of Data Protection

Data Controller, Subject & Processor

Data Protection Act Definitions

Data Protection Act definitions

The Data Commissioner is responsible for dealing with complaints and ensuring that legal rights are upheld. Helen Dixon was appointed the Data Commissioner in 2014 and is responsible for not only Irish individuals but data from companies based in the State which include; Facebook, Google and Twitter. The department has been under increased pressure from Europe as it has been viewed as a ‘light touch’ when it comes to data protection regulation. There is also concern that the larger tech multinationals based in Ireland are using the country as a ‘one stop shop’ for European data collection (Weckler, 2015). In the background, the formation of the new European Data Protection Board will bring a pan-European regulator.

EU vs. US Safe Harbour Agreement (2000)
Data protection in the digital age is borderless and this has created much ambiguity when dealing with multinational data. The European Union (EU) and the United States (US) are the powerhouses when it comes to mass data. Europe is seen as social democratic while the US a more liberal model of government. Each have their own privacy laws and there is a need to balance data privacy with business and innovation to flow freely.
The EU and US established to the Safe Harbour Agreement in 2000 for US companies to agree with EU Directives. The agreement has been describes as shaky and the revelations of US surveillance practices caused a rift between the States. Recent negotiations maintained the agreement but the diverging cultural and legal discretions are making the long term effectiveness of the Agreement unlikely. Both States will have to look for a revised agreement to keep up with technological and social norms of data protection (Peltz-Steele, 2015).

Cookies
Cookies are small pieces of data sent from a website from a user’s web browser. Companies use this data to gain insights into the way people interact with websites. This is not only personal data willingly given but also information about user habits gathered through identifiers on web sites. Companies want to know user’s data to target advertising and websites to improve the user’s online experience. This gathering of data has become more sophisticated and user information is now even a commodity to be sold. There has been a push to regulate this practice and for governments to set stricter rules for consumer protection. There have been a number of cases taken against companies’ use of cookie. Adobe Flash Player is a high profile example of surreptitiously collecting data from users. The EU introduces the ePrivacy Directive (2002) which lays down principles to the use of cookies essentially for legitimate purposes and with the user’s knowledge. There is still ambiguity over the collection and storage method and each Member State still has discretion over the interpretation of the directive (Lanois, 2011).

Cloud
The Cloud is a network of remote servers to store, manage and process data. This poses an even bigger threat to traditional desktop computing as all data is stored online. The identified risk relate to security risks and people’s identity. This put additional pressure on Cloud vendors to increase their security. Still the issue of jurisdiction remains and data may not be secure in some countries with less vigorous security measures. Cloud computing is on the rise as a popular, cheap and convenient form of data storage for individuals and businesses. Moving data outside the EU can be considered a breach of the EU Data Protection Directive (Lanois, 2011). Is feasible for multinational organisations to segregate and store such data?

Breaches
There have been a number of high profile data breaches which gained widespread public attention. Data breaches are not a new phenomenon but the increase in digital data has the potential to impact millions of people. The Data Protection Commissioner publishes records of data breaches by year and category. The largest data breach recorded in Ireland was by Loyaltybuild. Personal details and financial data of about 1.5 million customers was hacked described as a ‘sophisticated criminal act’. Though serious, this pales in comparison to some of the worldwide security breaches.

History of Data Breaches

Digital Guardian: The History of Data Breaches (2015)

Conclusion
The Data Protection Act is an important piece of legislation for data collection. There are clear guidelines to follow and the Data Controller is responsible for the implementation of the Act. The EU and US established the Safe Harbour Agreement in 2000 to govern data in the two jurisdictions. Some contemporary issues relating to data protection include Cookies and Cloud computing. Cookies are useful for advertising and improving online experiences but security issues remain. Cloud computing means holding data on cloud servers with security risks a prevalent concern. Data Breaches are a common occurrence in the digital age and concerns over security are impacting millions worldwide.

References
• Data Protection Act (1988 & 2003) ‘A Guide for Data Controllers’, Available at: https://www.dataprotection.ie/documents/forms/NewAGuideForDataControllers.pdf (Accessed on: 31 August 2015)
• Data Protection Commissioner (2015) ‘Data Protection’, Available at: http://www.dataprotection.ie/viewdoc.asp?DocID=4 (Accessed on: 31 August 2015)
• Weckler, A. (2015) ‘Irish Independent – Ireland’s New Data Chief – Forget About the Light Touch’, Available at: http://www.independent.ie/business/technology/news/irelands-new-data-chief-forget-about-the-light-touch-31182694.html (Accessed on: 01 September 2015)
• Peltz-Steele, R.J. (2015) ‘THE POND BETWIXT: DIFFERENCES IN THE US-EU DATA PROTECTION/SAFE HARBOR NEGOTIATION’,Journal Of Internet Law, 19, 1, pp. 1-15, Business Source Complete
• Lanois, P. (2011) ‘Privacy in the Age of the Cloud’, Journal of Internet Law, 15, 6, pp. 3-17, Business Source Complete
• Digital Guardian (2015) ‘The History of Data Breaches’, Available at: https://digitalguardian.com/blog/history-data-breaches Accessed on: 11 September 2015

Leave a Reply

Your email address will not be published. Required fields are marked *