Postcode privacy rights provision ‘useless’
Digital Rights Ireland’s comments on the bill published by the Department of Communication, Energy, and Natural Resources (DCENR) comes as the Data Protection Commissioner also acknowledged the wording of the bill governing the use of Eircode, but reiterated its preference for a different design of postcode.
“It is a great step forward that privacy is being considered at all by DCENR in relation to this issue,” said Antoin O’Lachtnain of Digital Rights Ireland.
“However, what is proposed is completely useless in practical terms and will not provide any protection for citizens. Minister [Alex] White has to decide whether he really values citizens’ privacy, or if he is content to pay lipservice to it.
“The laws described are toothless. There is no enforcer, and there is no penalty for breaking the law. It is not an offence. The law will not be effective at all outside of Ireland and certainly not outside of the European Union. There is simply no reason to obey it,” he said.
“If someone’s privacy is breached as a result of breaking these rules, that person won’t be able to get compensation, unless they can prove damage, which is basically impossible,” he said.
“The main beneficiary of the law will be Eircode, which will get extra rights to enforce its licence in the statute. Normally these rights would be covered by the licence contract.
“It would be a lot better if the design were modified to make it more privacy-friendly. The code could be easily changed to facilitate this, whilst still maintaining all the benefits of the code.
“There is a lot of important legislation to be dealt with and if the design provided a normal level of protection for personal data, this change would not have been required at all.”
DCENR published the wording of the Communications Regulation (Postal Services) (Amendment) Bill this month in the hope that the proposed legislation would quell concerns about the privacy implications.
While DCENR officials have hailed Eircode’s design as a “work first” and “future- proof”, both the Data Protection Commissioner and Digital Rights Ireland previously aired their concerns around the untested postcode.
In its explanatory memorandum on the bill, DCENR says it aims to ensure that “the public interest is satisfied in relation to the undertaking of legitimate postcode activities so that the processing of any personal data in postcode enabled databases is in compliance with the Data Protection Acts.”
However, responding to the legislation wording, the Data Protection Commissioner also reiterated its preference for a different postcode design.
“The DPC views this legislation as essential in terms of underpinning the implementation and operation of the Eircode system and ensuring that essential data protection safeguards are in place,” a spokesperson for the Data Protection Commissioner said.
“While the position of the DPC would have been that a “cluster-based” postcode model would have posed less risk from a data protection point of view, it accepts that it is the role of Government to make balancing decisions and, in this instance, the necessity of providing a solution to the issue of the large proportion of non-unique addresses in Ireland was a significant factor.”
CONNECT WITH US TODAY
Be the first to know the latest news and updates
