Support Centre

Ireland

Summary

Law: Data Protection Act 2018 ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Data Protection Commission ('DPC')

Summary: The Act implements the GDPR and also sets out derogations including certain variations on when data subject rights can be exercised and the processing of special categories of data. There are also additional provisions that regulate the use of children's data beyond the GDPR, although not all of these have yet commenced and are still under discussion. The DPC has been particularly active in issuing guidance on various topics, including cookies, Data Protection Impact Assessments, and data breach notifications. The DPC has initiated several high-profile statutory inquires, however, it only issued its first monetary penalties in May 2020 following a series of breach notifications from a state agency.

Insights

At the beginning of this year, the World Economic Forum Annual Meeting at Davos applauded the growth in artificial intelligence (AI), particularly generative AI. Against the backdrop of the world's biggest challenges, reports from Davos suggested that world leaders and business executives were cautiously optimistic for 2023. Reports have persisted throughout this year, with commentary lauding support for AI tech, while others point to a potential "dot.ai" bubble brewing. Time will unveil the answer. In the meantime, decisions regarding fintech and digital transformation point to an overarching mindset - investing in AI, with care.

In this Insight article, Rory O'Keeffe, Partner at Matheson LLP, will take you on a short journey through AI and Fintech, discussing their advantages and risks, focusing in particular on what the future holds for Ireland in this area.

On 20 March 2023, the Department of Enterprise, Trade and Employment published the General Scheme of the Digital Services Bill 2023 (the Bill). The Bill seeks to implement into domestic law aspects of Regulation (EU) 2022/2065 of October 19, 2022, on a Single Market for Digital Services and Amending Directive 2000/31/EC (Digital Services Act) (DSA). In this Insight article, Kate Colleary and Louise McCormack, from Pembroke Privacy Limited, provide an overview of the Bill, including its purposes and scope, and analyze its interplay with the DSA.

As part of their continued focus on raising cybersecurity standards within the EU, the European Parliament and the European Council signed into law, on 14 December 2022, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/10111 ('DORA').

Joseph Kennedy, Barrister at Law at the Bar of Ireland, summarises DORA's scope and key provisions and contrasts it to the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), highlighting the Central Bank of Ireland's approach and guidance on operational resilience.

The Data Protection Commission ('DPC') published, on 17 December 2021, its final version of its guidance on the fundamentals for a child-oriented approach to data processing ('the Fundamentals')1. The Fundamentals introduce child-specific data protection interpretative principles and recommended measures to enhance the level of protection afforded to children against the data processing risks posed to them by their use of or access to services in both an online and offline world. Moreover, the Fundamentals also aim to assist organisations that process children's data by clarifying the principles in terms of the high-level obligations under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), to which the DPC expects such organisations to adhere. This Insight provides an overview of the Fundamentals.

The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2018 ('the Act') are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission ('DPC'). In part two of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, discusses the general requirements regarding the collecting, processing, and retaining of employee data, as well as the requirements regarding employee health data.

The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2018 ('the Act') are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission ('DPC'). In part one of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, provides some background to the DPC and its relevant guidance, as well as the requirements regarding data protection at the recruitment level.

Feedback