WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Republic of Ireland

Republic of Ireland

Constitutional Privacy Framework

Although there is no express reference to a right to privacy in the Irish Constitution, the Supreme Court has ruled an individual may invoke the personal rights provision in Article 40.3.1 to establish an implied right to privacy.[2890] This article provides, "The State guarantees in its laws to respect, and, as far as practicable, by its laws to defend and vindicate the personal rights of the citizens." It was first used to establish an implied constitutional right in the case of McGee v. Attorney General,[2891] which recognized the right to marital privacy. This case has been followed by others such as Norris v. Attorney General[2892] and Kennedy and Arnold v. Ireland.[2893] In the latter case, the Supreme Court ruled that the illegal wiretapping of two journalists was a violation of the constitution, stating:

The right to privacy is one of the fundamental personal rights of the citizen which flow from the Christian and democratic nature of the State . . . . The nature of the right to privacy is such that it must ensure the dignity and freedom of the individual in a democratic society. This can not be insured if his private communications, whether written or telephonic, are deliberately and unjustifiably interfered with.[2894]

Data Protection Framework

In 1988, the Data Protection Act was passed to implement the 1981 Council of Europe (CoE) Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. The Act regulates the collection, processing, keeping, use and disclosure of personal information processed by both the private and public sectors. However, before its amendment, the Act applied only to information automatically processed. Individuals have a right to access and correct inaccurate information. Information can only be used for specified and lawful purposes and cannot be improperly used or disclosed. Additional protections can be ordered for sensitive data. Criminal penalties can be imposed for violations. There are broad exemptions for national security, tax, and criminal purposes. Misuse of data is also criminalized by the Criminal Damage Act 1991.

As a member of the European Union, Ireland should have amended this Act and extended its scope to implement the European Data Protection Directive by October 1, 1998. In January 2000, the European Commission initiated a case before the European Court of Justice against Ireland and four other countries for failure to implement the Directive on time.[2895] In December 2001, certain provisions of the Directive were implemented by the European Communities (Data Protection) Regulations, 2001. The regulations took effect in April 2002 and governed the transfer of personal information to third countries (i.e. non- European Economic Area countries). The Data Protection (Amendment) Act 2003 (the Act) was finally enacted in July 2003, repealing the regulations and purporting to give effect to the EU Data Protection Directive.

The Act amends the existing law in several ways. The definition of "data" is extended to manual as well as automated files, although this extension will not be fully effective until October 2007. The Act also broadens the definition of "processing" to performing "any" operation on the data.[2896] The rights of individuals in the areas of notice, access and consent are also improved. Section 6B, as inserted by the 2003 Act, introduces a right in relation to automated decision making. It provides that decisions that significantly affect a data subject (such as work performance, creditworthiness, reliability or conduct) may not, in the absence of consent, be taken automatically without human input.

The Act also clarifies, and in many cases increases, the responsibilities of data controllers. It provides additional protection for "sensitive" data, defined as information relating to racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, physical or mental health, sexual life, the commission or alleged commission of an offence and any proceedings arising therefrom.[2897] Except in extreme circumstances, data controllers must get explicit consent before processing sensitive data, and must provide additional safeguards.[2898]

The Data Protection (Amendment) Act also provides for a number of measures concerning those involved in direct marketing. Under previous data protection legislation, information garnered from sources required by law to be publicly available (such as the electoral register) was exempt. Under the 2003 Act, an individual now has the right to object to use of this data for direct marketing purposes, and the controller must inform the individual of this right. In addition, the Electoral Amendment Act 2001 makes provision for the establishment of an edited electoral register similar to a system already deployed in the United Kingdom. Local authorities must now prepare two versions of the electoral register, a full one that can only be used for electoral and statutory purposes, and an edited version that will contain the names and addresses of those who have indicated their willingness to be contracted by commercial entities.[2899] It is an offence to ignore the edited register.[2900]

Data Protection Authority

Unless specifically exempted by the Data Protection Acts or under regulations issued by the Data Protection Commissioner (DPC), all data controllers are required to be registered. The Act increases the powers of the DPC and a provision is made for "prior checking" of applications for registration that may potentially cause substantial harm to data subjects. The DPC may also carry out investigations he or she considers appropriate to ensure compliance and to issue Codes of Practice. Finally, the new Act creates specific exemptions for "journalistic, artistic, or literary" processing.

The DPC oversees the enforcement of data protection laws. The Office of the DPC consists of 22 staff members.[2901] The Commissioner has powers to investigate complaints, prosecute offenders, sponsor or publish codes of practice, and supervise the registration process.[2902] Under Section 10 of the Data Protection Acts, 1988 and 2003, the Commissioner must investigate any complaints that he receives from individuals who feel that personal information about them is not being treated in accordance with the Act, unless he is of the opinion that such complaints are "frivolous or vexatious." The Commissioner notifies the complainant in writing of his decision regarding the complaint. The Commissioner's decision can be appealed to the Circuit Court.

The number of complaints received by the DPD continues to grow each year. In 2006, there were 658 complaints, as compared to 300 in 2005. The biggest cause of complaint related to unsolicited direct marketing by electronic means, principally to mobile phones. Another 28 percent of complaints concerned the right to access personal information. The annual report also contains a number of case studies arising from complaints and investigations in the previous year. Some of the cases for 2006 included: unsolicited cold calling and direct marketing; persistent direct marketing by multinational PC manufacturer Dell; use of personal public service (PPS) numbers by local authorities; compliance with access requests by the Garda Siochana (Police). The report also contains guidance notes regarding the disclosure of private information to local authorities by mobile phone companies, ICT project outsourcing in the public sector, and the use of publicly available data for marketing purposes.[2903]

In January 2001, the DPC issued regulations[2904] requiring all telecommunications companies and Internet service providers (ISPs) to register with his office.[2905] This was the first time the Commissioner had exercised his power to create additional categories of operators required to register. Whereas under the 1988 Act the Commissioner only had the power to approve codes drawn up by trade associations, the 2003 Act gives the Commissioner the power to propose and prepare codes, which, if approved by the Oireachtas (Parliament), will have binding legal effect. The preparation of codes of practice for the employment area, An Garda Síochána (Police), and the Funds, banking, insurance and financial services sectors is ongoing.

In May 2002, the European Communities (Data Protection and Privacy in Telecommunications) Regulations were signed into law.[2906] These regulations give effect to EU Directive 1997/66, which concerns data protection in the telecommunications sector. This directive was, however, replaced within five years by Directive 2002/58, which applies the principles of the general data protection Directive, 1995/46, to the communications sector.[2907] The new directive was transposed into Irish law by the European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003.[2908] The regulations strengthen the rules concerning direct marketing. In particular, unsolicited communications to individuals by means of fax, SMS, or automated calling are prohibited unless the individual "opts in" to receiving such.[2909] Where the recipient of the call is a company, they must state they do not wish to receive the communications.[2910]

In the case of unsolicited telephone calls made by human operators, persons may not be contacted if they have opted out, or if they have registered that they do not wish to receive such calls on the National Directory Database (NDD).[2911] The regulations provide for an amended version of the NDD,[2912] which lists those unwilling to receive unsolicited telephone calls. On July 21, 2005, more than 12 months later than originally planned, the NDD became fully operational. The three mobile telephone operators in Ireland chose to opt-out all their customers.

Stautory Rules Related to Privacy

Ireland is recognized as having modern copyright and electronic signature laws, and while it was once regarded as being superior in this respect to much of the EU, this is a gap which has considerably narrowed in recent years.[2913] In July 2000, the E-Commerce Act was implemented, granting legal recognition to e-signatures, e-writings and e-contracts. However, adoption of such in the public sector has been disappointing.[2914] It is hoped that the Public Services Broker going live in May 2005 will help in the provision of services electronically.[2915]

The Copyright and Related Rights Act, which permits surprise searches and enacts stiff penalties against software theft, came into force in November 2000. In 2005, a number of record companies used the provisions of the act to require Internet Service Providers to turn over details of customers whom the record companies believed had been involved in illegal file sharing.[2916] Irish ISPs have taken the view that they will not reveal this information to plaintiffs without a court order. The High Court has ordered disclosure of identities in several cases.[2917] However, the court also imposed safeguards, directing that the information disclosed could only be used to seek redress for the users’ alleged copyright infringement activities, and the identities of the alleged infringers could only be made public after the plaintiffs had started proceedings.[2918]

Ireland's implementation of the European Union E-Commerce Directive (2000/31/EC) makes it one of the only European countries to place the burden of opting out of "spam" on the consumer.[2919] However, this must be considered something of an anomaly in light of the recent implementation of the Directive on Privacy and Electronic Communications.

Wiretapping and Surveillance Rules

Wiretapping and electronic surveillance are regulated under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act.[2920] The Act followed a 1987 decision of the Supreme Court ruling that wiretaps of journalists violated the constitution. In October 2001, the Taoiseach (Prime Minister) publicly apologized on behalf of the State to three journalists whose phones were tapped during the 1980s as part of an effort to control leaks from the government. The Taoiseach apologized for "the inappropriate invasion of their privacy and interference by the State with their role as journalists."[2921] In its June 1998 Report on "Privacy, Surveillance and the Interception of Communications,"[2922] the Law Reform Commission recommended legislation to make illegal the invasion of a person's privacy through secret filming, taping and eavesdropping, and the publication of information received from such surveillance.

The issue of traffic or communications data retention has been a controversial data protection issue in Ireland since 2002. In November 2001, an investigation by the DPC showed Irish mobile phone operators were holding customer "locator records" for more than six years. In 2002, the government introduced a requirement for telecommuications service providers to retain customers' communications data, using secondary legislation that received minimal parliamentary consideration. In January 2003, the DPC, which itself operates under the auspices of the Department of Justice, Equality and Law Reform, initiated proceedings for judicial review on the basis that the government was "using an 'invalid' Ministerial Direction to unconstitutionally store citizens' phone, fax and mobile phone data."[2923]

Due to the lack of progress in regularizing the legislative framework, the DPC issued enforcement notices in January 2005 requiring that, by May 2005, the telecoms companies hold data for a maximum of 12 months. Due to a last-minute amendment, the Criminal Justice (Terrorist Offences) Act 2005 introduced a three-year period of data retention. It is unfortunate that in the course of debate the previous Minister for Justice, Michael McDowell stated: "The Bill is largely to do with the introduction of provisions into Irish law to extend our law in an adequate way to deal with international terrorism, as is required by various international instruments to which we are party." No international instruments as yet require data retention for a period of 36 months, and proposals put forward for such during the Irish Presidency of the EU were rejected. It is also unfortunate that given the length of time the government had to publish legislation on the issue, and despite repeated promises of dedicated legislation, they chose to insert the provisions as a last-minute amendment into a largely unrelated bill.[2924]

The Criminal Justice (Terrorist Offences) Act 2005 largely has its origins in the European Union Framework Decision on Combating Terrorism. As a result they share an overly broad and vague definition of "terrorist activity."[2925] The most controversial aspect of the new Act was the introduction of data retention measures.

Irish online civil rights group Digital Rights Ireland (DRI) commenced a High Court action against the Irish Government in 2006, challenging the Criminal Justice (Terrorist Offences) Act 2005, on the basis of Irish and European Law. DRI believes that the type of data retention envisaged constitutes an infringement of the constitutional right to privacy as well as the right to respect for private life and correspondence under Article 8 of the European Convention on Human Rights, as it requires that the telephone and online communications of all individuals in the State be logged. DRI argues that domestic case law[2926] as well as case law from the European Court of Human Rights[2927] have made it clear that telephone conversations are protected by these concepts. The European Court of Human Rights has also held that the keeping of logs of such communications (such as records of numbers dialed) falls within the scope of Article 8.[2928]

The Offences Against the State Act 1939 is the primary piece of anti-terrorist legislation in Ireland. Part 2 of the Act defines certain offences that are considered to be offences against the state. Part 3 introduced the concept of an illegal organization, a provision that has seen much use though the years in securing the conviction of members of the provisional IRA and other organizations involved in the conflict in Northern Ireland.

Section 52 of the Offences Against the State Act 1939 has also been subjected to addition judicial scrutiny in recent years. Section 52 provides that a person suspected of an offence under the Offences Against the State Act must account for his movements or actions during any specified period and divulge all information relating to the commission or intended commission of an offence. Although the section was found to be constitutional in Heaney v. Ireland,[2929] the European Court of Human Rights found the men, who received six-month sentences for failing to account for their movements, had been denied the right to a fair trial (Section 6.1 of the Convention) and the presumption of innocence (Section 6.2 of the Convention). In Quinn v. O’Leary & Ors,[2930] a case with similar facts, it was held by a judge that the plaintiff was entitled to have his conviction set aside on the basis of the European Convention of Human Rights, although the government was not obliged to repeal the offending legislation. The issue has not been yet been considered in light of the implementation of the European Convention on Human Rights Act 2003.

The use of Automatic Number Plate Recognition is being considered in Ireland. The system proposed would allow cars adjacent to Garda (police) vehicles to be automatically checked for outstanding motor offences and motor tax issues.[2931]

Identification Systems

In 1998, the Oireachtas passed the Social Welfare Act, which creates a unique personal identification number for use in dealing with public agencies. The Personal Public Service Number (PPSN) replaced the "Revenue and Social Insurance" (RSI) number that, for years, was used only for social welfare and tax purposes. Its operation has been strengthened and expanded in a piecemeal manner by Acts in 1999, 2000, 2002, 2003, and 2004. The PPSN is used as a unique personal identifier in communications between the individual and specified state agencies, such as government departments, hospitals, local authorities, and educational institutions. Employers may also use the PPSN for interaction with state bodies (most notably the Revenue Commissioners), while some state agencies have used the PPSN as a unique identification number for their own employees.[2932] Most recently, landlords have been permitted to seek tenants’ PPSNs for the purposes of registering with the Private Residential Tenancies Board, although there is no obligation on tenants to provide it.[2933]

The Act allows for the exchange of personal data between prescribed bodies in certain circumstances, and its provisions in this respect are expressly exempt from the Data Protection Act. The Register of users of the PPSN maintained by the Department of Social and Family Affairs (DSFA) bears testament to the zeal with which various state agencies have engaged in data matching and exchange exercises.[2934] It is an offence for anyone other than a state agency (or person or body acting on their behalf) to attempt to obtain an individual's PPSN. However, the wide-scale use of the PPSN suggests that identity theft may become an issue. The DPC criticized this scheme while it was debated, stating that "the proposed sharing of personal data, obtained and kept by legally separate entities, for such diverse purposes is fundamentally incompatible with . . . the basic tenets of data protection law."[2935] In February 2004, the DSFA issued a code of Practice on the use of the PPSN,[2936] which recognizes its potency and its status as personal data under the Data Protection Acts, but does not attempt to unduly constrain its use. The Garda and armed forces, at present, are prohibited from collecting and using the PPSN for matters other than those related to their own members. The Immigration Act of 2003, however, gives power to the Garda to use the PPSN in relation to non-EU nationals.[2937]

The development of the PPSN is part of a much larger project to modernize public services and develop a fully functioning e-Government. In 1999, an independent government agency, known as Reach, was established by government order to oversee this project, and progress since that date has been steady. Reach is charged with implementing a central Public Service Broker, which will be developed by BearingPoint Inc. The PSB will comprise three main elements: a) a user interface that will serve as a single point of access to public services, b) an XML-based framework that will allow data be shared asynchronously between public services, and c) a service fulfillment layer that will provide government agencies with a standard set of tools to deliver services electronically. Personal data about citizens will be held in secure vaults and be released to the public agencies in the course of particular transactions.[2938] Concern has been raised, however, about whether there are sufficient safeguards with the large number of agencies that will be able to access the "Inter Agency Messaging System" (IAMS). The currently IAMS is used to transfer life event information between the General Registrar's Office and the DSFA, and a more advanced version is used by the Department of Agriculture and Revenue Commissioners.[2939]

Every individual with a PPS Number is listed in the Central Records System (CRS). The CRS comprises of 5.5 million entries, and a further 500,000 dormant entries relating to people who no longer have reason to use their PPSN, either due to a failed asylum application or emigration.

Full access to the CRS is available to all employees of the Client Identity Services in the Department of Social and Family Affairs, while other departments may get limited access on the basis of making a "business case" to the Client Identity Services Section. The database is populated electronically by the General Registers Office.

Although at present the system does not incorporate an ID card per se, a Public Services Card (PSC) is being developed as an individual's key to access his or her personal data and the connected public services, using the PPSN as a unique identifier. In June 2004, the Minister for Social and Family Affairs, Mary Coughlan, announced the establishment of an expert group to report on a standardized framework to replace five separate state-issued cards with a single PSC. The terms of reference for this group include the investigation of whether such a card may "be used by the cardholder as a proof of age card and wider use by the cardholder as a secure token of identity generally."[2940] Michael McDowell, the previous Minister for Justice has also stated that UK ID card developments may necessitate an Irish ID card, due to the common travel area between the two countries.[2941] However, he said that he is not personally in favor of such a scheme and "the onus is on people who argue for it rather than against it."[2942]

The Irish government had previously chosen to comply with the US requirement of a biometric passport for visa waiver countries by providing a "secure printed digital photograph" without encoding any information electronically on the card. At the time it was the only European government to take this minimalist approach.[2943] Since then, however, the Irish government has introduced ePassports which are described by the Department of Foreign Affairs as follows: “While the new biometric passport will look much the same as its predecessor, it will have a microchip embedded in it which contains the digitized facial image and personal details of the passport holder as they appear on the data page. The microchip can be read electronically at border controls. The Government has no plans, at this stage, to include a citizen's finger prints.”[2944]

Voting Privacy

Voting is available to those 18 years or older, but is not obligatory.[2945] In February 2002, the government allowed the use of electronic voting to be tested in public elections. An Interim Report of the Commission on Electronic Voting, dated April 29, 2004, rejected the use of direct recording electronic (DRE) voting machines in the upcoming elections.[2946] The report states that "publication of ballot results in full . . . can in theory . . . allow voters to identify themselves in a context of corruption or intimidation,"[2947] which could undermine the integrity of an election. This e-voting technology report led to the decision to abandon electronic voting in Ireland for the June 2004 EU elections.[2948] Voting machines were once again left unused in the 2007 parliamentary elections and their future is uncertain.

Open Government

The Freedom of Information Act (the FOI Act) was approved in 1997 and went into effect in April 1997.[2949] The FOI Act creates a presumption that the public can access documents created by government agencies and requires that government agencies make internal information on their rules and activities available. The Office of the Information Commissioner enforces the Act. On April 11, 2003, the government passed a series of restrictive amendments to the Freedom of Information Act.[2950] The amending legislation was widely criticized by the opposition, press and, indirectly, by the Ombudsman. The amendments resulted in more central control over information and the restriction of all information, instead of just a subset. Specifically, the amendment: doubled the time-restriction on government records, regardless of content; introduced processing fees on information requests under the Act; broadened the definition of "government" under the Act; increased government exemptions to information requests; and granted ministers the ability to suppress information release, without appeal, by another ministry or public body. However, in the same year, the government endorsed Emily O'Reilly as the next Ombudsman and Information Commissioner; she is an outspoken critic of the recent amendments to the FOI Act.[2951] Ms. O'Reilly, a well-respected journalist, is the first replacement commissioner since the office was created. The Commissioner publishes an annual report describing her activities in the previous year, and reports are available on the Commissioner's website.[2952]

In a review of the operation of the amending legislation, Ms. O'Reilly found that overall use of the Act had fallen by 50 percent while requests for non-personal information fell by 75 percent. In relation to journalists using FOI Act, there had been an 83 percent drop in requests. The fees structure introduced by the amendment can largely be blamed for this sharp decline. The Information Commissioner has called for a reappraisal of fees, which can amount to EUR 240 when retrieval, internal appeal, and appeal to the Information Commissioner are considered.[2953]

International Obligations

Ireland is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108).[2954] It has also signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2955] Ireland has incorporated the Convention into domestic law by way of the European Convention on Human Rights Act 2003. In February 2002, Ireland signed the CoE Convention on Cybercrime.[2956] Ireland is also a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

[2890] Constitution of Ireland, available at <>.
[2891] 1974 I.R. 284.
[2892] 1984 I.R. 36.
[2893] 1987 I.R. 587.

[2894] Constitution of Ireland, supra.

[2895] European Commission, Press Release, "Data Protection: Commission Takes Five Member States to Court," January 11, 2000.

[2896] Section 2(a)(v).

[2897] Section 2(a)(i).
[2898] Section 2B as inserted by the 2003 Act.

[2899] Section 4.
[2900] Section 10.

[2901] Eighteenth Annual Report of the Data Protection Commissioner 2006, April 2007, available at <>.
[2902] See generally Data Protection Commissioner <>.

[2903] Eighteenth Annual Report of the Data Protection Commissioner 2006, supra.

[2904] The Data Protection (Registration) Regulations 2001.
[2905] Office of the Data Protection Commissioner, "Data Protection Commissioner Requires Telecommunications Industry and Internet Service Providers to Register," News Release, (January 9, 2001), available at <>.

[2906] Statutory Instrument No. 192 of 2002.
[2907] Directive 2002/58/EC, "Directive on Privacy and Electronic Communications," (July 12, 2002), available at <>.
[2908] Statutory Instrument No. 535 of 2003, available at <>.
[2909] Regulation 13 (1).
[2910] Regulation 13 (2).

[2911] Regulation 14.
[2912] The central phone directory that lists subscribers from all the telecommunications companies in Ireland.

[2913] A recent Accenture Report ranked Ireland in 11th place for the second year a row, available at <>.
[2914] See also, M. McDonagh and F. White, Electronic Signatures; the Legal Framework and the Market Reality in Ireland, Commercial Law Practitioner, (2003) 10 C.L.P.228-236 September 2003.
[2915] Ciaran Buckely, "E-government for everyone," Electric News Network, April 22, 2005, available at <>.

[2916] “ISPs Ordered to hand over user details - users not notified of case or given chance to make submissions,” Digital Rights Ireland, January 25, 2006, available at <>.
[2917] EMI v. Eircom, [2005] IEHC 233; Maguire v. Gill, Unreported, ex tempore, High Court, Hannah J., 5 October 2006.
[2918] EMI v. Eircom, supra; Ryanair v. Johnston, Unreported, Smyth J., 12 July 2006. Outlined in “High Court rejects Ryanair bullying claim,” The Irish Times, July 13, 2006.

[2919] "Republic Puts 'Spam' Burden on the Consumer," The Irish Times (June 29, 2001).

[2920] Interception of Postal Packets and Telecommunications Messages (Regulation) Act, June 6, 1993, available at <>.
[2921] "Apology for Phone Tapping," The Irish Times, October 26, 2001.
[2922] 1998 Report on "Privacy, Surveillance and the Interception of Communications (LRC 57 -1998), available at <>.

[2923] See McIntyre, "Data Retention: History and Current Developments," (2007) 2 Data Protection Law and Policy 14.

[2924] Karlin Lillington, "McDowell's Sneaky Data Law Heralds Surveillance State," Irish Times, March 25, 2005.

[2925] Section 4.

[2926] Kennedy and Arnold v. Ireland, 1987 I.R. 587.
[2927] Klass v. Germany, European Court of Human Rights, 2 EHRR 214, September 6, 1978.
[2928] Malone v.United Kingdom, European Court of Human Rights, 8691/79 ECHR 10, August 2, 1984.

[2929] [1996] 1 IR 580.
[2930] High Court, April 23, 2004, available at <>.

[2931] “Minister ducks questions on Number Plate Surveillance Scheme,” Digital Rights Ireland, available at <>

[2932] The Department of Education uses the PPSN as the main identifier on primary and post-primary teacher payrolls, while Cork County Council intends to use it for similar purposes.
[2933] Residential Tenancies Act of 2004, at s. 136(f), available at <>.

[2934] Register of users of the PPS Number, available at <>.
[2935] Irish Data Protection Commissioner, Annual Report, at 35 (1996); see also "Remarks by the Data Protection Commissioner on the Bill to the Dail Select Committee on Social, Community and Family Affairs" (March 4, 1998).
[2936] Personal Public Service Number Code of Practice, available at <>.
[2937] Immigration Act 2003, available at <>.

[2938] European Commission's IDA (Interchange of Data between Administrations) on Reach, "Building an E-government Services Broker in Ireland," available at <>.
[2939] For more information, see the Reach Services website at <www.reach,ie>.

[2940] Mary Couglan Minister for Social and Family Affairs, press release, "Simple Access to Public Services from the State on the Cards," June 29, 2004, available at <>.
[2941] Although a London School of Economics report disputes the necessity of such, "An Assessment of the UK Identity Cards Bill and its Implications," London School of Economics, March 2005, page 29, available at <>.
[2942] Carl O'Brien, "McDowell says ID cards may be introduced," Irish Times, January 17, 2005.

[2943] "US Lawmakers Question the Need for Microchips in European Passports," IDABC e-Government News, 26 April 2005, available at <>; however, it should be noted that the new type passport announced on December 10, 2004, will have a polycarbonate page capable of holding a chip of some description if one is introduced, see <>.
[2944] Department of Foreign Affairs, “ePassports Press Release”, October 4, 2006, available at <>.

[2945] CIA Country Fact Book, January 1, 2004, available at <>.
[2946] Interim Report of the [Ireland] Commission on Electronic Voting on the Secrecy, Accuracy and Testing of the Chosen Electronic Voting System. April 29, 2004, available at <>.
[2947] Id.
[2948] Mark Hennessy & Mark Brennock, "E-voting Abandoned for Elections in June," Irish Times, May 1, 2004, available at <>.

[2949] "Freedom of Information, 1997—Short Guide," Department of Finance, available at <>.
[2950] Freedom of Information (Amendment) Act (April 11, 2003), available at <>.
[2951] Mark Brennock, "Emily O'Reilly to be Appointed as State's Next Ombudsman," Irish Times, March 26, 2003, available at <>.
[2952] Freedom of Information Commissioner Annual Reports, available at <>.

[2953] Review of the Operation of the Freedom of Information (Amendment) Act 2003, available at <>.

[2954] Signed December 18, 1986; enacted May 25, 1990; entered into force August 1, 1990.
[2955] Signed November 11, 1950; enacted February 25, 1953; entered into force September 3, 1953.
[2956] Signed February 28, 2002.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback