Nama data case is ‘serious concern’

Nama data case is ‘serious concern’
Michael and John O'Flynn.

By Pádraig Hoare

Nama’s failure to provide Cork property developers Michael and John O’Flynn with all personal data held on them is “stark and frightening for citizens”, a legal expert has said.

The two had complained in 2014 to Data Protection Commissioner Helen Dixon that Nama had failed to tell them what data they were holding onto.

This is despite around 2,000 pages of “highly confidential and personal” information being handed over to the state agency when the O’Flynn Group engaged with Nama in 2010 about restructuring its loans.

Ms Dixon ruled Nama was wrong in claiming data held relating to O’Flynn Group’s loans did not include personal data, and that Nama had not conducted reasonable and proportionate searches of its records to find such personal data as per the pair’s request.

She said Nama breached its obligations under data- protection law, and that the body “continues to fail and refuse” to supply the data requested by the men.

The O’Flynn versus Nama case suggests “we as citizens have serious cause for concern”, according to solicitor and data protection analyst, Noel Doherty.

These findings by the Data Protection Commissioner against a state agency are stark and frightening. We, as citizens, have the right to expect that state agencies comply with the law of the land.

He said most citizens would not have had the resources to fight such a case over four years.

“What is even more frightening is that this case was between a state agency and comparatively well- resourced individuals who had the ability to source the best advice and sustain the case over a prolonged period. What chance would an ordinary person have to resource such a fight against state agencies?” he said.

Mr Doherty said that the decision had implications for government legislation being considered to comply with the EU’s general data protection regulation, which comes into law in May.

The regulation makes it considerably easier for individuals to bring private claims against data controllers when their data privacy has been infringed. If organisations fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

However state agencies are exempt from the penalties in the Government’s new data protection bill.

Mr Doherty said: “The bill, as currently drafted, exempts state agencies from fines for breach of data protection regulations and provides the State with wide ranging and ill-defined exemptions from compliance with the law. There will, therefore, be no sanction applicable to state agencies.”

More in this Section

Chamber survey shows business confidence has reboundedChamber survey shows business confidence has rebounded

Tourism faces 'devastation' if no State boostTourism faces 'devastation' if no State boost

Vaccine hopes boost Covid-hit stock marketsVaccine hopes boost Covid-hit stock markets

EU opens new front for Ireland as court overrules Apple's €13bn tax rulingEU opens new front for Ireland as court overrules Apple's €13bn tax ruling


The single had risqué lyrics, but it helped turn Gina, Dale Haze & the Champions into starsB-Side the Leeside: Gina and 'You're the Greatest Lover'

The actor is back with a new series of the semi-autobiographical In The Long RunIdris Elba's personal project: ‘Wow, this really was my life’

The former Glenroe star has a new musical projectQuestion of Taste: Cork actor and musician Liam Heffernan answers our quick-fire questions

During the first few years of my daughter’s life, I made a point of reading up on age milestones and tips for certain agesMum's the word: Slamming doors and new independence - welcome to the tween years

More From The Irish Examiner