Data Protection Act, 1988

Interpretation and application of Act.

1.—(1) In this Act, unless the context otherwise requires—

“appropriate authority” has the meaning assigned to it by the Civil Service Regulation Acts, 1956 and 1958;

“back-up data” means data kept only for the purpose of replacing other data in the event of their being lost, destroyed or damaged;

“civil servant” has the meaning assigned to it by the Civil Service Regulation Acts, 1956 and 1958;

“the Commissioner” has the meaning assigned to it by section 9 of this Act;

“company” has the meaning assigned to it by the Companies Act, 1963 ;

“the Convention” means the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data done at Strasbourg on the 28th day of January, 1981, the text of which is set out in the First Schedule to this Act;

“the Court” means the Circuit Court;

“data” means information in a form in which it can be processed;

“data controller” means a person who, either alone or with others, controls the contents and use of personal data;

“data equipment” means equipment for processing data;

“data material” means any document or other material used in connection with, or produced by, data equipment;

“data processor” means a person who processes personal data on behalf of a data controller but does not include an employee of a data controller who processes such data in the course of his employment;

“data subject” means an individual who is the subject of personal data;

“direct marketing” includes direct mailing;

“disclosure”, in relation to personal data, includes the disclosure of information extracted from such data and the transfer of such data but does not include a disclosure made directly or indirectly by a data controller or a data processor to an employee or agent of his for the purpose of enabling the employee or agent to carry out his duties; and, where the identification of a data subject depends partly on the data and partly on other information in the possession of the data controller, the data shall not be regarded as disclosed unless the other information is also disclosed;

“enforcement notice” means a notice under section 10 of this Act;

“financial institution” means—

(a) a person who holds or has held a licence under section 9 of the Central Bank Act, 1971 , or

(b) a person referred to in section 7 (4) of that Act;

“information notice” means a notice under section 12 of this Act;

“local authority” means a local authority for the purposes of the Local Government Act, 1941 ;

“the Minister” means the Minister for Justice;

“personal data” means data relating to a living individual who can be identified either from the data or from the data in conjunction with other information in the possession of the data controller;

“prescribed”, in the case of fees, means prescribed by regulations made by the Minister with the consent of the Minister for Finance and, in any other case, means prescribed by regulations made by the Commissioner with the consent of the Minister;

“processing” means performing automatically logical or arithmetical operations on data and includes—

(a) extracting any information constituting the data, and

(b) in relation to a data processor, the use by a data controller of data equipment in the possession of the data processor and any other services provided by him for a data controller,

but does not include an operation performed solely for the purpose of preparing the text of documents;

“prohibition notice” means a notice under section 11 of this Act;

“the register” means the register established and maintained under section 16 of this Act;

and any cognate words shall be construed accordingly.

(2) For the purposes of this Act, data are inaccurate if they are incorrect or misleading as to any matter of fact.

(3) (a) An appropriate authority, being a data controller or a data processor, may, as respects all or part of the personal data kept by the authority, designate a civil servant in relation to whom it is the appropriate authority to be a data controller or a data processor and, while the designation is in force—

(i) the civil servant so designated shall be deemed, for the purposes of this Act, to be a data controller or, as the case may be, a data processor, and

(ii) this Act shall not apply to the authority,

as respects the data concerned.

(b) Without prejudice to paragraph (a) of this subsection, the Minister for Defence may, as respects all or part of the personal data kept by him in relation to the Defence Forces, designate an officer of the Permanent Defence Force who holds a commissioned rank therein to be a data controller or a data processor and, while the designation is in force—

(i) the officer so designated shall be deemed, for the purposes of this Act, to be a data controller or, as the case may be, a data processor, and

(ii) this Act shall not apply to the Minister for Defence,

as respects the data concerned.

(c) For the purposes of this Act, as respects any personal data—

(i) where a designation by the relevant appropriate authority under paragraph (a) of this subsection is not in force, a civil servant in relation to whom that authority is the appropriate authority shall be deemed to be its employee and, where such a designation is in force, such a civil servant (other than the civil servant the subject of the designation) shall be deemed to be an employee of the last mentioned civil servant,

(ii) where a designation under paragraph (b) of this subsection is not in force, a member of the Defence Forces shall be deemed to be an employee of the Minister for Defence and, where such a designation is in force, such a member (other than the officer the subject of the designation) shall be deemed to be an employee of that officer, and

(iii) a member of the Garda Síochána (other than the Commissioner of the Garda Síochána) shall be deemed to be an employee of the said Commissioner.

(4) This Act does not apply to—

(a) personal data that in the opinion of the Minister or the Minister for Defence are, or at any time were, kept for the purpose of safeguarding the security of the State,

(b) personal data consisting of information that the person keeping the data is required by law to make available to the public, or

(c) personal data kept by an individual and concerned only with the management of his personal, family or household affairs or kept by an individual only for recreational purposes.

Protection of Privacy of Individuals with regard to Personal Data