Month: January 2011

Privacy & Human Rights in Europe

Privacy International have published their latest study reviewing privacy and human rights in Europe.

I contributed to the Irish chapter of the report, along with TJ McIntyre and Colin Irwin. It gives a good overview of current Irish law on privacy and data protection.

The report concludes that, while Europe is the world leader in privacy rights, there remains much work to be done in the field.

The Directive on Data Protection has been implemented across EU member states and beyond, but inconsistencies remain. Surveillance harmonisation that was once threatened is now in disarray. Yet there are so many loopholes and exemptions that it is increasingly challenging to get a full understanding of the privacy situations in European countries. The cloak of ‘national security’ enshrouds many practices, minimises authorisation safeguards and prevents oversight.

The report includes a report card in its key findings, the highlights of which for Ireland include criticisms that Ministerial warrants can override privacy law protections and that powers allowing for interception of VoIP calls are ambiguous.

For more on international privacy law, Morrison Foerster have a very useful library which acts as an online sourcebook.

Another recall: on what legal authority will Toyota get access to owner details?

Toyota announced another recall today.

I wrote about car recalls last year. Car manufacturers don’t have ownership details of all cars sold and, in the event that a safety issue arises, need to get that data from vehicle licensing authorities.

Access to this data would normally be prohibited under the Data Protection Acts 1988 and 2003 but was previously facilitated by a set of regulations published by the Department of Finance. The Data Protection Commissioner criticised the unqualified access provided under those regulations and sought their review. I don’t know whether the Commissioner’s comments influenced the Department of Finance, but in 2005 a new set of regulations was published which removed the reference to car manufacturers.

Therefore, in so far as I can tell, the law no longer provides for the provision of car registration data by vehicle registration authorities to car manufacturers. Unless Toyota is otherwise entitled to that data (and I have argued that they are not), the disclosure by the vehicle registration authorities is contrary to the Data Protection Acts.

The new Revenue data protection regime in the Finance Bill 2011

The Finance Bill 2011 seems to have become the key to Ireland’s salvation and our parliamentarians fear allowing democracy to run its course without first passing it.

When the Green Party withdrew from Government yesterday, Eamon Ryan suggested that a scaled-down bill could be passed quickly and that the balance of the provisions could be enacted by the next government. This seems a strange proposition and one might wonder why the next government couldn’t just do the whole job.

Nevertheless, the opposition have taken up that argument with Leo Varadkar memorably suggesting this morning that a “bikini bill” be passed: one which covers the bare essentials. Minister for Finance Brian Lenihan has difficulties with this, as some of the new provisions in the published bill address anti-avoidance measures and their publication has advertised opportunities to exploit tax loopholes. If they are not closed quickly, he argues, further taxes will be lost.

The list of items in the Bill published by the Department of Finance helpfully categorises them as measures which were announced in Budget 2011 and those which are new in the Bill. These types of provisions are often housekeeping and do not address strictly budgetary matters. One which caught my eye is that concerning taxpayer confidentiality.

Section 73 of the Bill would insert a new section 851A to the Taxes Consolidation Act 1997 to provide that taxpayer information held by the Revenue Commissioners is confidential and may only be disclosed in certain circumstances. The Department explains that this

addresses the current lack of a specific tax-related provision governing the confidentiality of taxpayer information provided to Revenue.

An offence of knowingly providing confidential information is included and can be punished by a fine of up to €10,000.

This section is surprising in light of the fact that the data security breach aspects of the Data Protection Acts 1988 and 2003 are currently under review. Indeed, the statement that it “addresses the current lack of a specific tax-related provision governing … confidentiality” suggests that the extensive provisions of the Data Protection Acts are insufficient. The proposition that these insufficiencies could be remedied by a single section in the Taxes Consolidation Act 1997 is implausible.

In 2009, the Data Protection Commissioner undertook a detailed audit of the Revenue Commissioners and the results were generally positive.

The Inspection Team considered that there exists a very high organisational awareness of data protection principles in Revenue. In particular, the presence of a dedicated Data Protection Unit, with designated contact points in the event of any issues arising was considered by the Team to be a very appropriate structure for a public sector entity in possession of high volumes of personal data. There is very clear evidence that a detailed approach has been taken by Revenue to identifying and setting out, via policy documents etc, its responsibilities under data protection legislation. This thorough approach is to be welcomed.

The Commissioner made a number of compliance recommendations and recommended that Revenue undertake a privacy impact assessment of any proposal to extend its investigative powers. Given that the report was overwhelmingly positive, it is unclear where the impetus for section 73 lies (though TJ McIntyre speculates that it may have something to do with recent alleged wrongdoing by Revenue officials, uncovered by internal audits).

There are a number of aspects of the Data Protection Acts that could benefit from reform; not least the fact that the Acts do not provide for a straightforward offence of breaching data security, as is now proposed for Revenue data. Rather, it is an offence:

  • to ignore a notice issued by the Data Protection Commissioner in respect of personal data;
  • for a data processor to disclose personal data without the authority of the relevant data controller;
  • to gain access to personal data held by a data controller and to disclose it to another person.

This last offence does not apply to an employee of the data controller and so section 73 would seem to catch Revenue employees where the Data Protection Acts would not. However, the penalties in the Data Protection Acts reach a maximum of €100,000, in contrast with the €10,000 maximum fine envisaged in the Finance Bill. In the UK, the maximum fine is £500,000.

The Data Protection Acts are lacking in enforcement teeth to deal with willful data security breaches. Instead, they provide for a system of co-operation and escalated engagement with data controllers. Nevertheless, the decision of the Department of Finance to go it alone on this issue is disappointing and section 73 of the Finance Bill once again fragments Irish law on a particular area rather than seeking to improve the general law that applies to everyone.

If citizens deserve to have such a protection in place in respect of Revenue data, why not health or employment data?

  • Update: It was reported today (25/01/11) that a Donegal civil servant allegedly accessed personal data at the Department of Social Protection in Letterkenny and passed that data to a private investigator who subsequently sold it to insurance companies. This is precisely the type of data security breach that section 73 is aimed at, but section 73 will be limited to the Revenue Commissioners and so will not cover the Department of Social Protection. As I asked yesterday, if a protection like section 73 is necessary for Revenue data, why not for other data?

TJ McIntyre looks at some other IT law aspects of the Finance Bill here and here. From a practical perspective, it is also noteworthy that the Bill (section 75) proposes to allow payment of taxes by credit card. While this may facilitate the Revenue Commissioners, it would not appear to be a prudent move for indebted taxpayers who might avail of the facility.

#100

I have enjoyed working on this blog for over a year now and have reached the hundredth post. In the time-honoured tradition of marking such milestones with lazy lists, here are the 10 most popular posts so far:

  1. Marriage by default and the Civil Partnership Bill 2009
  2. Regional papers got that regional knowledge, right?
  3. Graduated response now de facto law in Ireland
  4. Koger v. HWM: significant Irish software case on competing with former employer
  5. Fines Act 2010: paying fines or doing time?
  6. Blawg Review #264
  7. Biometric national ID cards for Ireland on the way?
  8. Ban on upward only rent reviews
  9. Is Ireland ready for a child rights referendum?
  10. Details of eircom’s 3-strikes system, but who will know what?

Interestingly, many of this top 10 are slow-burners that didn’t get many readers when published but have steadily attracted visits over the year, mostly by showing up in Google searches. The top 5 search terms are:

  1. fines act 2010
  2. hadji bey
  3. smdf
  4. civil partnership bill
  5. koger hwm

Of particular interest is the list of top referrers, which shows how people arrived at this blog. I wasn’t surprised that Twitter came out on top, as links are fed from the blog to my account. The second highest referrer was Eoin O’Dell’s excellent blog cearta.ie, and I am grateful to receive some of his many visitors. The third highest referrer was Facebook, which was a surprise, as I don’t push links to Facebook.

I hope to keep going for another 100 posts or more. Thank you for reading and, though most of you have remained anonymous so far, all comments are welcome (particularly those that disagree or correct errors!).

Irish Courts have duty to override religious objections of parents to protect welfare of children

The judgment of Mr. Justice Gerard Hogan in Temple Street v. D & Anor, published yesterday, makes for dramatic reading. It is not often that a sitting of the High Court occurs in the private residence of a judge at 1 a.m., but it is not the first time that the Irish medical profession has made emergency court applications when treating Jehovah’s Witnesses.

In this case, concerning Baby AB, the medical evidence presented to Hogan J. was that a blood transfusion “was clinically necessary and urgent and all possible alternatives had been exhausted.” Hogan J., referring to issues of religious belief, stated:

A secular court cannot possibly choose in matters of this kind and, of course, a diversity of religious views is of the essence of the religious freedom and tolerance which [the Constitution] pre-supposes. Nor can the State be prescriptive as to what shall be orthodox or conventional in such matters, for, as Jackson J. put it in a noted US decision concerning the Witnesses, West Virginia Board of Education v. Barnette:

“…if there is any fixed star in our constitutional constellation, it is that no official, high or petty, can prescribe what shall be orthodox in politics, nationalism, religion or other matters of opinion or force citizens to confess by word or act their faith therein.”

It probably suffices for present purposes simply to say that the right of a properly informed adult with full capacity to refuse medical treatment – whether for religious or other reasons – is constitutionally protected: see, e.g., Fitzpatrick v. FK (No.2) [2008] IEHC 104, [2009] 2 I.R. 7.

However, the person at issue (AB) was a minor and Hogan J. relied on Article 42.5 of the Constitution to grant an order allowing the blood transfusion to take place. Article 42.5 provides:

In exceptional cases, where the parents for physical or moral reasons fail in their duty towards their children, the State as guardian of the common good, by appropriate means shall endeavour to supply the place of the parents, but always with due regard for the natural and imprescriptible rights of the child.

This requires a failure in moral duty on the part of parents, so the conclusion is that adherence to a particular religious belief may, in so far as the State or society is concerned, constitute such a failure. Hogan J. said that:

the use of the term “failure” in this context is perhaps a somewhat unhappy one, since there is no doubt but that CD and EF, acting by the lights of their own deeply held religious views, behaved in a conscientious fashion vis-à-vis Baby AB. The test of whether the parents have failed for the purposes of Article 42.5 is, however, an objective one judged by the secular standards of society in general and of the Constitution in particular, irrespective of their own subjective religious views.

He concluded that the Court has “a jurisdiction (and, indeed, a duty) to override the religious objections of the parents”.

The judgment is likely to be of interest to opponents of greater recognition of the rights of the child in the Constitution, particularly those who fear greater State opportunities to override the rights of parents.

For more, see the Human Rights in Ireland blog and the Irish Times.

Getting off on a technicality

I’ve never liked the phrase. If an accused “gets off on a technicality” the prosecutor has failed to establish the case against the accused, who emerges without a guilty verdict and is therefore innocent. So, when someone referring to a case being prepared by the Director of Public Prosecutions says that “every ‘i’ had to be dotted and ‘t’ crossed to ensure that nobody gets off on a technicality”, what they mean is that the evidence establishing guilt must be properly prepared. In this context, “technicality” is a synonym of “requirement of the law” and those requirements exist to protect the rights of citizens.

The phrase is so common that the perception exists that it can be easy to “get off on a technicality”. More often than not, it isn’t. Legislation creating a penal or taxation liability must be interpreted strictly (as held by the Supreme Court in Inspector of Taxes v. Kiernan [1981] IR 117 3 ITR 19). A consequence of this is that legal requirements (“technicalities”) must be fulfilled. The thinking is that the Oireachtas has formulated rules and it is not for the judiciary to pick and choose which of those rules should be applied, thereby usurping the role of the Oireachtas. Given that criminal law involves the application of penalties a degree of precision is expected in formulating and applying the law.

The most common source of so-called technical defences is that of drunken driving (drug driving, now a common problem, is subject to similar rules). Mark de Blácam SC, in the introduction to his book on the topic, points to the disdainful tone often used when referring to technical defences. As already indicated, a “technicality” is a requirement of the law, but these requirements are often spoken of dismissively in the case of drink driving charges. de Blácam says:

There are many other crimes which are more heinous than drunken driving, yet one cannot imagine a judge deriding an argument as a “mere murder argument” or a “typical fraud point”. For whatever reason drunken driving has become associated with lines of defence which are sometimes fatuous, “often specious” and generally technical if only in the limited sense that they are not readily intelligible to the layman.

These “technical defences” have been a feature of the Irish criminal justice system for many decades, with the result that the technical requirements have been finessed and the Gardaí have had ample experience in ensuring all requirements are met. Therefore, the possibility of circumstances giving rise to someone “getting off on a technicality” is diminished. The popularity of the concept, however, is not and a “technical defence” is sometimes hoped for in other road traffic cases.

Take this example: an individual was reported by a member of the public for dangerous overtaking. The individual apparently admitted the offence but noted a minor variance in the details of the offence when formal notification was received. The individual then hoped to “get the low down on how to dodge points” so that (s)he might “get off on a technicality as the time is incorrect”.

The District Court Rules, which apply to most road traffic cases and other minor offences, provide that an error like this is not material for the purposes of the case. Nor is a difference between the location of the alleged offence as stated on a summons and that given in evidence at trial. The High Court has observed that “these provisions … were designed to discourage the taking of purely technical objections based on variations between the written detail of the complaint and the facts established in evidence” (DPP v. Winston [1992] IEHC 275SS). Where there is a variance between the summons and the evidence, the judge can amend the summons and proceed to hear the case. Generally, one can only argue against the amendment of the summons where the initial error has prejudiced the accused or might affect the merits of the case. The judge can, in that situation, dismiss the case but can do so without prejudice to the charge being brought again. Therefore, the Gardaí can re-issue a corrected summons (once the time for doing so has not elapsed).

PS. Many road traffic offences are now detected automatically and dealt with by fixed charge notice. The notice will sometimes require correction through no fault of the Gardaí. For example, where an individual driving a car registered to his mother is detected speeding by an unmanned camera, the notice will issue to her as registered owner. The Fixed Charge Processing Office must be informed so that the notice can be reissued in the name of the driver. Failure to notify the FCPO frequently gives rise to summonses issuing. The Gardaí have a useful FAQ on fixed charge notices.