Blogs

Self-regulation: Irish police database – “some sort of social media”

By EDRi · April 10, 2013

This article is also available in:
Deutsch: [Selbstregulierung: Irische Polizeidatenbank – quasi ein “soziales Netzwerk” | https://www.unwatched.org/EDRigram_11.7_Selbstregulierung_Irische_Polizeidatenbank_quasi_ein_soziales_Netzwerk?pk_campaign=edri&pk_kwd=20130410]

Alan Shatter, the Irish Minister of Justice, has demanded an end to the
abuse of the PULSE police database. In a sharply worded speech to the
Association of Garda [Irish police] Sergeants and Inspectors (AGSI)
conference, he said that it was necessary “to ensure that individuals
who have done no wrong do not have their privacy violated” and that in
no circumstances should the database “be used as some sort of social
network to be accessed out of curiosity by members of the Force”. The
incident provides several very important lessons for the current EU data
protection reform (Mr Shatter is the President-in-office of the EU
Justice Council).

The abuses of the database have been happening almost continuously since
the adoption of a “self-regulation” agreement in 2007. This means that
the enforcement of the law through “self-regulation” has led to six
years of abuses that could have been avoided.

This experience also shows how misguided the efforts are in the Council
and Parliament to remove the public sector from the Data Protection
Regulation. As important as it is to ensure that companies like Facebook
are effectively regulated, this is of limited value if public databases
can be abused so comprehensively and for so long due to failures of
incompetent national approaches.

The Minister’s statement highlights just how unfit for purpose the Irish
data protection regime has become. In the course of the six years of the
operation of the “self-regulation” regime, the data protection authority
expressed “disappointment” in its 2010 annual report and promised an
audit of the system. Two years later, in response to abuse of a
completely different database, the data protection commissioner
announced…. an audit of PULSE. Five months after the last promise of
action by the data protection commissioner, it is unsurprising that the
Minister said in his speech that he is turning to the police
commissioner to solve the problem.

Minister Shatter appears to be the first Irish Justice Minister ever to
take data protection seriously. Despite the financial crisis, he has
increased the data protection authority’s budget by 20% in one year,
leading to the appointment of specialist staff, including a chief
technology adviser, a legal adviser and additional support staff. He is
undoubtedly aware of the fact that resources alone will not change the
culture of the organisation overnight and that more fundamental changes
are almost certainly needed. Hopefully, these changes will be
facilitated by the current review of the European data protection
framework – if this is not derailed by excessive lobbying or
short-sighted politics.

2010 Irish DPA Annual report
http://www.dataprotection.ie/documents/annualreports/2010AR.pdf

Tax official used data on woman to proposition her (24.02.2012)
http://www.independent.ie/irish-news/courts/tax-official-used-data-on-woman-to-proposition-her-28822760.html

Minister Shatter stresses Government Support for the Office of the Data
Protection Commissioner (27.03.2013)
http://www.justice.ie/en/JELR/Pages/PR13000105

Address by Alan Shatter TD, Minister for Justice, Equality and Defence
on the occasion of the 2013 AGSI Conference (25.03.2013)
http://www.inis.gov.ie/en/JELR/Pages/SP13000102

(Contribution by Joe McNamee – EDRi)