Coverage of some of the structures of the Insolvency Service of Ireland has been rattling through my ears while I work the past few days. What Iâ€™ve heard gives rise to an unsettling feeling that the architects of the scheme have decided that the insolvent are a form of unter-mensch for whom some of the fundamental rights that EU citizens enjoy are either put on hold or entirely foregone.
Data protection is a fundamental right in Europe, enshrined in Article 8 of the Charter of Fundamental Rights of the European Union, as well as in Article 16(1) of the Treaty on the Functioning of the European Union (TFEU). As a fundamental right, according to the EU Commission it â€œneeds to be protected accordinglyâ€.
Some of what I have heard I can only hope is half-informed speculation, but I fear it may be grounded in reality.
- Publication of personal data including name, address, and date of birth on a public register of insolvents. This is problematic as it creates a risk of identity theft in my view. Also â€“ what is the purpose for which this data is being published? How could the same objective be met without putting personal data privacy at risk of unauthorised access? How is this compatible with s2(d) of the Data Protection Acts which require appropriate measures to be taken to keep data safe and secure?
- Retention of data on the register after a scheme has been exited. It is rumoured that the details of people listed on the register mentioned above would have their details retained indefinitely. Why? How is this compatible with the requirement under the Data Protection Acts (and the underlying Directive) to retain data no longer than is necessary for the purpose? How would it be compatible with the requirement under the proposed General Regulation for Data Protection to give citizens of the EU a â€œRight to be forgottenâ€? What is the function/purpose of retaining information once the agreed scheme has been completed?
- Section 186 of the legislation purports to exempt the Agency from Section 4 of the Data Protection Acts. This is the section that allows individuals to get copies of information held about them by Data Controllers. It is a right that is derived from Directive 95/46/EC. While there are grounds under Article 13 of the Directive for a member state to limit subject access requests where it impacts economic or financial interest of the State, I’m at a loss to see how a response to a Subject Access Request for a single person or class of people might impact our economic and financial interests as a State. The test is that the restriction must be necessary not nice to have. Of course, if things are so precarious that a Subject Access Request will tip the economy into a death spiral, then perhaps the Irish people should be told this.
There is a significant imbalance in rights and duties emerging here. Particularly when compared with the secrecy of NAMA and the closeness with which the privacy of significant contributors to the exuberance of the Boom times has been guarded by that Agency. There is also a suggestion that Data Protection rights are optional extras that can be mortgaged as part of entering the process.
I really do hope Iâ€™m wrong about all of this and it is not the data black hole that it appears to be and that personal data privacy will continue to be respected as a fundamental right. After all, when youâ€™ve lost everything else, things like that can be very important.