Data protection activity rises as complaints slow


12 Apr 2006

Activity at the office of the Data Protection Commissioner (DPC) rose last year but the number of new complaints was down on previous years.

The statistic was revealed as part of the commissioner’s annual report for 2005. Staff at the office gave several public presentations and, along with privacy audits, advertising and the production of a training DVD/CD, these helped to increase awareness of the office and its function.

Among the highlights of the year was the DPC’s successful conclusion of a court case against a company for spamming — the first case of its kind in Ireland. The DPC Billy Hawkes said that since the case similar complaints had fallen in number.

In 2005 the number of new complaints received by the DPC decreased to 300, down from 385 in 2004. The biggest factor in this decrease was the significant reduction in the number of complaints dealt with under the Privacy in Electronic Communications Regulations: 66 in 2005 compared to 131 in 2004. The number of complaints concluded during 2005 was 389 and at the end of the year 90 were still on hand.

Just over one third of all complaints (35pc) concerned the exercise of the right of access to data under section four of the Data Protection Acts. Some 33pc of complaints related to direct marketing, including telemarketing. The next most common complaint, in 15pc of cases, centred on the issue of fair obtaining and incompatible disclosures of data to third parties. Almost half (45pc) of complaints were resolved informally, 27pc were upheld and 28pc were rejected.

The report also referred to a survey carried out for the DPC last year which showed nine out of 10 people say that personal privacy is very important to them and the issue came second only to crime in relative importance. The survey also found concern amongst Irish people about using the internet in terms of disclosing credit card details and the possibility of internet fraud. The survey also found that 50pc of the public are now aware of the existence of the DPC.

Staff at the office of the DPC carried out three comprehensive audits last year, at The Irish Credit Bureau, Tesco Ireland and Lucan District Credit Union. DPC inspection teams found that there is a reasonably good awareness of and compliance with the data protection principles in those organisations. Resource constraints meant that the DPC was unable to carry out more audits.

In his preface to the report Hawkes, who took over the role from Joe Meade last year, noted that the international climate has seen some significant curtailment of civil liberties under the umbrella of the so-called ‘war on terror’. He deemed some of the measures taken as “privacy invasive”, such as the right to demand information from telecoms operators about an individual’s contacts and movements.

The other threat to privacy comes from business, he added. “In their eagerness to sell their products and services to customers, commercial organisations can sometimes overstep the boundary between legitimate marketing activity and unjustified intrusion into the individual’s ‘private space’,” said Hawkes. The telecoms sector was the worst offender, he added, citing some “appalling examples of aggressive, privacy-invasive sales tactics” used against vulnerable people. He added, however, that the majority of companies respect the right to privacy and said he was hopeful that problems with the telemarketing ‘opt-out’ facility would be resolved soon.

Included in the report are 12 case studies where infringements of privacy may have taken place. The examples included a biometric time and attendance system, a denied request for access to life assurance company and medical reports, cross-marketing using credit card information and a nightclub collecting customer mobile phone numbers for marketing purposes.

Copies of the full report are available for download online at www.dataprivacy.ie.

By Gordon Smith