EU ministers to consider warnings first, sanctions later, for data breaches

Irish data protection commission denies it is weak on sanctions

By Jennifer Baker, IDG News Service |  IT Management

European Union justice ministers will consider a "two-strikes" rule for data breaches.

The Irish Presidency of the European Council on Monday published a paper on the protection of citizens' personal data that will be discussed at Justice and Home Affairs Council in Dublin on Thursday and Friday.

The paper asks European justice ministers to consider whether sanctions, such as fines, "should be optional or at least conditional upon a prior warning or reprimand."

According to European digital rights group EDRi, such a system would not protect citizens' fundamental rights. "Warnings would have to be issued first, after citizens' fundamental rights were abused, giving companies and state authorities carte blanche to breach our rights until -- at the earliest -- the data protection authority twice found a company to be in breach of the law. In other words, do what you want, the worst that can happen is that you will receive a warning," said the organization in statement on its website.

EDRi cited the case of the Irish Data Protection Commissioner's investigation into the Irish police force's PULSE database as an example of what can go wrong under such a plan. "Based on the current situation in Ireland, companies can do whatever they want with personal data, without fear of sanction," said the organization.

But the Irish Data Protection Commissioner's office on Tuesday strongly denied these allegations.

In 2007, the Irish Data Protection Commissioner (DPC) agreed to allow the Garda Síochána -- the Irish police force -- to self-regulate the operation of its database, which contains substantial amounts of private and sensitive information. However, despite several complaints to the DPC and official reports stating that abuses were taking place, the DPC waited until 2012 to audit the PULSE database.

EDRi said that "from what we can tell, the DPC chose yet again not to take enforcement action against the ongoing breaches of citizens' fundamental rights. In the meantime, we can only assume that the abuses continue unabated."

Police were accused of running background checks on people their family members are involved with and checking the accident history of cars they're thinking of buying. One police officer was found to have accessed personal data of her ex-boyfriend.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

IT ManagementWhite Papers & Webcasts

White Paper

ACM Leadership Guide

Webcast On Demand

Data Breaches - Don't Be a Headline

Sponsor: Absolute Software Corporation

See more White Papers | Webcasts

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness