Have you ever though about the protection of your personal data?
Did you know you have a right to ensure that your personal data including personal data on your smartphone is protected and secure?
There was an interesting debate about this in the Seanad this week and we are interested in talking to Data Commissioner Billy Hawkes about this with regards to teenagers.
Seanad Adjournment Debate
Opening Remarks by Minister of State Kathleen Lynch T.D, on behalf of Alan Shatter, T.D, Minister for Justice, Equality and Defence
18 February, 2014
The need for the Minister for Justice and Equality to outline the steps he is taking to ensure the personal data of individuals is protected following the recent revelations that personal data from “leaky” smartphone apps can be gathered by surveillance operations.
– Senator Deirdre Clune
I am standing in for my colleague the Minister for Justice and Equality who is unavailable at present.
At the outset, I want to thank Senator Clune for raising this important issue. It is important to all of us that our personal data, including personal data on our smartphones, are safe and secure and that we do not feel that the use of apps will lead to misuse of our data, including misuse for purposes that we might never have envisaged when we decided to use a particular app.
Communication networks and information systems have become an essential component of both our economic systems and social life. All of us here today have witnessed an information technology revolution in our lifetimes, and the pace of change shows no sign of slackening. The development of smartphone technology and the widespread use of such phones is a good illustration of this phenomenon.
Specific safeguards for the protection of personal data are in place at European Union level. I would like to take this opportunity to briefly set out the background.
The centrepiece of existing EU legislation on personal data protection is Directive 95/46/EC which seeks to reconcile the protection of personal data with the free flow of such data within the internal market and to countries outside the EU. It has been transposed into Irish law in the Data Protection (Amendment) Act 2003 which supplements the Data Protection Act 1988.
This legislation requires all those handling personal data to take appropriate security measures against unauthorised access to, or unauthorised alteration or disclosure of, the data, in particular where processing operations involve the transmission of such data over a network. In determining what is appropriate in any particular case, account must be taken of the risk of harm that might result from security breaches and the state of technological development and costs of implementation. These security measures also apply where data are transferred to a destination outside the European Union.
The Data Protection Commissioner, who is independent in the performance of his duties, deals with complaints about companies and organisations established in this jurisdiction where there are allegations that they may not be meeting these security requirements. The Commissioner has extensive investigative and enforcement powers, including the power to take summary proceedings for offences under the Act. The Commissioner also carries out audits of organisations: such audits include an assessment of data security systems.
The 1995 Directive has been supplemented by other more specific legislative measures, such as the e-Privacy Directive which applies to providers of publicly available electronic communications services, namely telecom providers and ISPs. This Directive requires such companies to take appropriate measures to safeguard security of their services and to protect the confidentiality of communications and related traffic data.
It is generally recognised that the 1995 Data Protection Directive’s standards need to be updated to take account of more recent developments such as increased usage of mobile phones, cloud computing, social networking and increasing globalisation of data transfers. In January 2012, the European Commission tabled proposals for a reform of the current data protection framework and these proposals are currently being discussed at EU level. The proposed Regulation’s enhanced data protection standards will, when agreed, apply directly in all Member States without the need for transposing national legislation.
In addition to the responsibilities of those who develop and supply apps to incorporate appropriate security measures to secure data which is transmitted between the app and end-user, I think that it is also important to emphasise that there are many basic steps which may be available to those who choose to download and use apps, including limiting the amount of data stored on the smartphone to which apps are given automatic access. Also users should be vigilant in terms of the security of the WIFI networks to which they connect.
Finally, I think it is important to point out that we cannot ignore the very important fact that there is a recognised need to protect our citizens from terrorist threats and dealing with that does require access to certain data. However, in doing so it is necessary to ensure that the information is lawfully obtained and subject to appropriate safeguards. Any security surveillance undertaken must be balanced and proportionate. It must also take account of individual rights to privacy and ensure respect for human rights contained in the European Convention on Human Rights. It is for these reasons that we have in place statutory provisions, with judicial oversight, governing police surveillance and access to these data.