Justice officials tried to keep Data Protection Commissioner’s files secret

Submission on Freedom of Information law said multinationals needed guarantee of confidentiality

Data Protection Commissioner: Helen Dixon insists that her office is entirely independent from the Government. Photograph: Cyril Byrne

Data Protection Commissioner: Helen Dixon insists that her office is entirely independent from the Government. Photograph: Cyril Byrne

 

The Department of Justice sought to have the audit files of the Data Protection Commissioner barred from public disclosure to protect guarantees of confidentiality to multinational firms based in Ireland.

The office of the commissioner is responsible for regulating Facebook, LinkedIn, Twitter and Apple, among other companies, which hold personal data on hundreds of millions of EU citizens. As a “partially included” body under the Freedom of Information Act the office is exempt from disclosing its records other than those to do with general administration.

That exemption was recently upheld by the Information Commissioner, Peter Tyndall, who ruled that records concerning the lobbying of the data regulator by Yahoo and other multinationals did not have to be made public.

In a submission when the Freedom of Information Bill was going through the Oireachtas, in February 2014, the department argued that the office’s “informal” approach to resolving complaints, as mandated by law, would be “greatly inhibited” by making its files potentially subject to public disclosure. The submission, which it states represents the “considered view” of both the department and the Office of the Data Protection Commissioner, was released under the Freedom of Information Act to journalists at the Right to Know transparency organisation.

The department said the commissioner needed to be able to guarantee multinationals based in Ireland “absolute confidentiality” as it carried out its work, including audits and compliance advice. This would enable the companies to resolve any compliance issues “in discussions with them, before a problem escalates to a level requiring the use of enforcement powers”, the submission said.

Without that guarantee “exchanges will become much more formalised, the multinationals will seek protection behind their legal advisors, and the relationships will be much less productive and more litigious”.

In an email to civil servants working on the Bill in August 2013 the data-protection commissioner at the time, Billy Hawkes, said he was not certain that correspondence with the Attorney General’s office “offers the level of comfort we need to be able to clearly assert to multinationals etc that we can block-exclude our files dealing with complaints, investigations and audits – as well as advice sought and given in confidence – without having to justify the exclusion on a record-by-record basis”.

The Office of the Data Protection Commissioner was ultimately listed in the Act as a partially included agency. The list also includes the Central Bank of Ireland, An Garda Síochána, the Information Commissioner, EirGrid, ESB Networks, the Labour Court, the National Treasury Management Agency and the Office of the Director of Corporate Enforcement.

The current commissioner, Helen Dixon, says that the office is entirely independent, as did Mr Hawkes. Minister for Data Protection Dara Murphy has also defended the commissioner’s office and said it was completely independent of the Government.

In January last year the privacy lobby group Digital Rights Ireland launched a legal action against the Government, challenging whether the office is truly an independent data authority under European Union law.