Data Protection Act 1988
Repealed other than for certain excepted purposes (25.05.2018) by Data Protection Act 2018 (7/2018), s. 7(1)(e), (4), S.I. No. 174 of 2018. The excepted purposes in subs. (4) are 7/2018, s. 8(1)(b), (2) and (3). See C-note below.
Inserted (1.07.2003) by Data Protection (Amendment) Act 2003 (6/2003), s. 10, S.I. No. 207 of 2003.
Inserted (1.04.2002) by European Communities (Data Protection) Regulations 2001 (S.I. No. 626 of 2001), reg. 4.
Modifications (not altering text):
Section repealed, but retained (see below) for certain excepted purposes (25.05.2018) by Data Protection Act 2018 (7/2018), s. 7(1)(e), (4), S.I. No. 174 of 2018. The excepted purposes in subs. (4) are 7/2018, s. 8(1)(b) (the processing of such data under the Criminal Justice (Forensic Evidence and DNA Database System) Act 2014 (11/2014) or the Vehicle Registration Data (Automated Searching and Exchange) Act 2018 (5/2018) to the extent that the Act of 1988 is applied in those Acts) and s. 8(2), (3) (transitional provisions). Note Data Protection Act 2018 (7/2018), s. 14(3): A reference in the Act of 1988 (other than in section 1(3)(c)(iii) in so far as it refers to the Commissioner of the Garda Síochána) to the Commissioner shall be construed as a reference to the Commission.
9.—(1) For the purposes of this Act, there shall be a person (referred to in this Act as the Commissioner) who shall be known as an Coimisinéir Cosanta Sonraí or, in the English language, the Data Protection Commissioner; the Commissioner shall perform the functions conferred on him by this Act.
F31[(1A) (a) The lawfulness of the processing of personal data (including their transmission to the Central Unit of Eurodac established pursuant to the Council Regulation) in accordance with the Council Regulation shall be monitored by the Commissioner.
(b) In paragraph (a) of this subsection, "the Council Regulation" means Council Regulation (EC) No. 2725/2000 of 11 December 2000(2) concerning the establishment of Eurodac for the comparison of fingerprints for the effective application of the Dublin Convention.
(1B) The Commissioner shall arrange for the dissemination in such form and manner as he or she considers appropriate of—
(a) any Community finding (within the meaning of subsection (2)(b) (inserted by the Act of 2003) of section 11 of this Act),
(b) any decision of the European Commission or the European Council under the procedure provided for in Article 31(2) of the Directive that is made for the purposes of paragraph 3 or 4 of Article 26 of the Directive, and
(c) such other information as may appear to him or her to be expedient to give to data controllers in relation to the protection of the rights and freedoms of data subjects in respect of the processing of personal data in countries and territories outside the European Economic Area.
(1C) The Commissioner shall be the supervisory authority in the State for the purposes of the Directive.
(1D) The Commissioner shall also perform any functions in relation to data protection that the Minister may confer on him or her by regulations for the purpose of enabling the Government to give effect to any international obligations of the State.]
(2) The provisions of the Second Schedule to this Act shall have effect in relation to the Commissioner.
F32[(3) The Commissioner shall be the supervisory authority in the State for the purposes of Articles 4, 17, 25 and 26 of the Directive.]
Section applied with modifications by Criminal Justice (Forensic Evidence and DNA Database System) Act 2014 (11/2014), s. 123(1), (2)(g), partially commenced insofar as the 2014 Act, part 12 ch. 4 (which includes s. 123) relates to an Article 7 request within the meaning of that chapter (20.11.2015) by S.I. No. 508 of 2015, otherwise (3.12.2018) by S.I. No. 503 of 2018.
Application of Act of 1988
123. (1) The Act of 1988 shall, with the modifications specified in subsection (2) and any other necessary modifications, apply to the processing of personal data supplied or received pursuant to—
(a) Chapter 2,
(b) Chapter 3, or
(c) an Article 7 request,
and, for the purposes of the foregoing application of the Act of 1988, references in it to that Act or the provisions of that Act shall, unless the context otherwise requires, be construed as including references to—
(i) Chapter 2 or the provisions of that Chapter,
(ii) Chapter 3 or the provisions of that Chapter, and
(iii) Chapter 3 of Part 5 of the Act of 2008 insofar as that Chapter applies to an Article 7 request or the provisions of that Chapter insofar as they apply to such a request.
(2) The modifications of the Act of 1988 referred to in subsection (1) are the following, namely— ...
(g) in section 9, the insertion of the following subsection after subsection (1D):
“(1E) (a) The Commissioner shall be the competent data protection authority in the State for the purposes of a European Union or international instrument.
(b) The lawfulness of the processing of personal data supplied or received pursuant to—
(i) Chapter 2 of Part 12 of the Act of 2014,
(ii) Chapter 3 of that Part of that Act, and
(iii) an Article 7 request,
shall be monitored by the Commissioner.
(c) The performance by the Commissioner of his or her function under paragraph (b) shall include the carrying out of random checks on the processing of personal data referred to in that paragraph.
(d) The Commissioner may request the data protection authority of a designated state to perform its functions under the law of that designated state with regard to checking the lawfulness of the processing of personal data supplied by the State to that designated state pursuant to the relevant European Union or international instrument.
(e) The Commissioner may receive information from the data protection authority of a designated state arising from the performance by it of the functions referred to in paragraph (d) with regard to the processing of the personal data concerned.
(f) The Commissioner shall, at the request of the data protection authority of a designated state, perform his or her functions under paragraphs (a) to (c) of this subsection and he or she shall furnish information to that authority with regard to the processing of the personal data the subject of the request.”.
Application of section extended with modification (27.01.2014) by Credit Reporting Act 2013 (45/2013), S.I. No. 19 of 2014.
(2) Sections 2 , 4 and 6 of the Data Protection Act 1988 shall have effect as if—
(a) references to personal data included relevant credit data, and
(b) a person to whom this section applies were a living individual, and sections 9, 10, 12 and 24 to 31 of that Act apply accordingly.
(4) This section applies to any person with an annual turnover of not more than €3,000,000 (and to whom sections 2, 4 and 6 of the Data Protection Act 1988 would not apply apart from this section).
Power pursuant to section exercised (25.05.1993) by Data Protection Commissioner Superannuation Scheme 1993 (S.I. No. 141 of 1993). Continued in force (25.05.2018) by Data Protection Act 2018 (7/2018), s. 67, S.I. No. 174 of 2018, as if made under 7/2018, s. 22 and (a) a person who was a member of the scheme ... shall continue to be a member, and (b) the provisions of that section shall apply accordingly.