Privacy concerns remain about a number of major infrastructure projects, including the introduction of postcodes and the primary school database, the Data Protection Commissioner has said.
In an interview with The Irish Times, Helen Dixon, who took up the role in September, said discussions between her office and public bodies on such projects were part of the day-to-day engagement. Such projects may, in themselves, be "legitimate".
But she said it appeared in some cases, including those of Irish Water and the primary school pupil database, that the “information provision” in relation to how they were implemented was “inadequate”.
She accepted “legitimate question marks are now arising” about the primary school pupil database, which the Department of Education says will keep information on individuals up to their 30th birthdays. The Department has asked schools to collect information including students’ PPS numbers and information on ethnicity and religion.
‘Genuine’
The department, she noted, “is of the view that it has a genuine and proportionate need for this data”.
“And yet it seems to be the case that there’s an inadequate explanation of why they need it and why they need to hold it for as long as they are holding it.”
“From time to time, we have seen public bodies will mention quite deliberately that ‘this was done in consultation with the Data Protection Commissioner’.
“I suppose what they are trying to do is to give confidence to data subjects (citizens) that they have gone through a rigorous process and an analysis and that they believe what they are proposing is lawful. I don’t believe there are necessarily any non-benign motives behind trying to do that.”
Her office will, she insisted, be independent of government in exercising its role, which includes dealing with a “huge body of work” on public sector projects with data implications. “It’s very clear, and I can’t say otherwise, that the public service hasn’t got it right in terms of data management in all cases,” she said.
But there was, she believed, “a huge desire” on their part to engage with her office to ensure they get things right.
The roll-out next year of Eircodes – a unique postcode allocated to every household – also gave rise to privacy concerns. These have been repeatedly stated in the annual reports of her predecessor.
Ms Dixon said it was difficult to say as yet what kind of harms, if any, may derive from the use of a unique code to identify each individual home in the state. “One struggles to come up with an absolutely riveting example of what will definitively happen the day it is introduced,” she said. “But it could give rise to issues.”
’Whirlwind’
It has been a “whirlwind” few months during which she has met her international counterparts and held meetings with companies and bodies she is responsible for regulating. Multinationals such as
, LinkedIn and
Apple
, with their European bases in
Ireland
and their hundreds of millions of customers, fall within her regulatory regime.
In her first few weeks in the job she met international counterparts at conferences, and some voiced criticisms of the Irish data protection regime.
These included one often rolled out – that Ireland is "soft" on regulating major multinationals in return for their bringing thousands of jobs here. She absolutely rejects that criticism, as did her predecessor Billy Hawkes.
She said she wanted to counter those criticisms with the help of a “very dedicated and experienced staff” who have very specialist skills in areas such as data protection audits.
Her office has had its budget allocation almost doubled this year to almost €3.65 million, and she is recruiting 18 new staff for an office in Dublin, which would officially “complement” the one in Portarlington, Co Laois.