edri.org writes that the Irish Presidency of the European Council has distributed a “discussion paper”on the protection of citizens’ personal data ahead of this week’s Justice and Home Affairs Council in Dublin. As the first Presidency in this “European Year of the Citizen”, we had every reason to expect the Irish to produce novel ways of protecting citizens. Their first suggestions are definitely novel, but certainly are not protective of citizens’ fundamental rights.
For example, based on the current situation in Ireland, the idea is that all companies can do whatever they want with personal data, without fear of sanction. Sanctions, such as fines, “should be optional or at least conditional upon a prior warning or reprimand”. In other words, do what you want, the worst that can happen is that you will receive a warning.
Of course, policies are often proposed that sound worse in theory than they are in practice. In this case, however, we just have to look at current practice in Ireland to see what such an approach looks like. The Irish police “PULSE” database sagagives a chilling insight into the brave new world into which the Irish Presidency apparently wants to lead us.
In 2007, the Irish data protection Commissioner agreed a “self-regulation”structure with the police. In 2010, a report from a judge assessing Ireland’s data retention regime identified serious abuses happening under this “light touch” regulatory system. The abuses passed apparently unnoticed by the vastly under-resourced data protection authority (DPA) that had approved the launch of the “self-regulatory” regime. The Irish DPA availed of its option not to take immediate enforcement action against the police.
In 2011, a full four years after the system had been set up, the Irish data protection authority at last came to the conclusion that… (read the whole story HERE).