Nama data case is ‘serious concern’

Michael and John O'Flynn.

By Pádraig Hoare

Nama’s failure to provide Cork property developers Michael and John O’Flynn with all personal data held on them is “stark and frightening for citizens”, a legal expert has said.

The two had complained in 2014 to Data Protection Commissioner Helen Dixon that Nama had failed to tell them what data they were holding onto.

This is despite around 2,000 pages of “highly confidential and personal” information being handed over to the state agency when the O’Flynn Group engaged with Nama in 2010 about restructuring its loans.

Ms Dixon ruled Nama was wrong in claiming data held relating to O’Flynn Group’s loans did not include personal data, and that Nama had not conducted reasonable and proportionate searches of its records to find such personal data as per the pair’s request.

She said Nama breached its obligations under data- protection law, and that the body “continues to fail and refuse” to supply the data requested by the men.

The O’Flynn versus Nama case suggests “we as citizens have serious cause for concern”, according to solicitor and data protection analyst, Noel Doherty.

These findings by the Data Protection Commissioner against a state agency are stark and frightening. We, as citizens, have the right to expect that state agencies comply with the law of the land.

He said most citizens would not have had the resources to fight such a case over four years.

“What is even more frightening is that this case was between a state agency and comparatively well- resourced individuals who had the ability to source the best advice and sustain the case over a prolonged period. What chance would an ordinary person have to resource such a fight against state agencies?” he said.

Mr Doherty said that the decision had implications for government legislation being considered to comply with the EU’s general data protection regulation, which comes into law in May.

The regulation makes it considerably easier for individuals to bring private claims against data controllers when their data privacy has been infringed. If organisations fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

However state agencies are exempt from the penalties in the Government’s new data protection bill.

Mr Doherty said: “The bill, as currently drafted, exempts state agencies from fines for breach of data protection regulations and provides the State with wide ranging and ill-defined exemptions from compliance with the law. There will, therefore, be no sanction applicable to state agencies.”

More in this Section

EU hits Google with new €1.49bn fine

Cork flights to US in doubt after ban on Boeing plane

Ireland selected as EU offshore wind testing site

Sterling and Irish bank shares hit by increased risk of no-deal Brexit


Everything you need to know about fashion movement #TheYeehawAgenda

Jack B. Yeats work looks to past and future

Ready for the big final? We go behind the scenes on Dancing with Stars

Skinny jeans: The trend that refuses to die

More From The Irish Examiner