The Data Protection Commissioner has said she “can’t see any reason” why the introduction of GDPR should prohibit the Government from publishing pension payments to former senior office holders.
Last November opposition politicians accused the Government of “hiding” behind GDPR to prevent transparency and accountability after it emerged it will no longer release details of pension payments to former ministers.
However, speaking upon the launch of her office’s annual report, Data Protection Commissioner Helen Dixon has said she does not see any difference under GDPR that would prohibit the release of the details.
“The first thing to say is this while the GDPR is a game-changing piece of legislation, its fundamental principles are the same as the legislation we've had in Europe and in Ireland for the last 30 years on data protection,” Ms Dixon said.
“So it's very unclear from the story that we read as to what's new in terms of the application of the principles in that case. So it's impossible for me to say on the face of it, I can't see any reason and any difference in terms of the principles under the GDPR that would have led to that conclusion.
“In that case, if ministerial pensions were being published up to the GDPR, the question that arises is what has changed, and nothing has changed,” she told Today with Sean O’Rourke on RTE Radio 1.
“Public sector bodies are not good either often at stating the legal basis they have for collecting information or then stating the basis upon which they've concluded that the GDPR constitutes the reason no longer to do something. So it's about analysis and clarity of analysis,” she said.
In broader terms, Ms Dixon said she believes the implementation of GDPR has gone well.
The annual report has shown that 4,113 complaints were received by her office in the 2018 calendar year, a 56% increase 2,642 received in 2017.
However, Ms Dixon said the rising number of complaints is a positive as it shows the public are becoming more aware of data protection issue.
“We know from the organisations that we supervise that they're telling us that they're getting far more engagement from members of the public around exercising their rights to access their information, rights to delete their information in certain circumstances, and that in turn, then is translating into more complaints to our office.
“Also positive in one sense is the increase in breaches notified to the authority. While of course, we want to eliminate and cut down the number of breaches, it's positive that organizations have accepted their new mandatory obligation under the GDPR to report breaches that pose risks to the office within 72 hours of becoming aware.
“One of the other key statistics coming out of the report as well that's new is the appointment of data protection officers in lots of organisations, public sector organisations in Ireland, and big data processing private sector organisations.
"We've had over 900 of these new data protection officers appointed and these are individuals with expertise now embedded in organisations that are really going to be driving these better outcomes on the ground,” Ms Dixon said.
She said analysis of the breaches reported to her office shows human error still plays a large role.
“There are a lot of unauthorized disclosures happening from the banking sector and the insurance sector in particular where post is redirected with sensitive medical reports and financial statements, etc. We're also seeing cases related to simple uses of email and auto filling email addresses giving rise to a lot of of the breaches that are notified. And then of course, we're seeing very big systemic types of breaches that are happening with some of the bigger internet companies,” she said.