Watchdog warns sites to toe line on data privacy

 

Irish websites will have to adopt "clear and straightforward" privacy policies or face prosecution. Together with other organisations collecting data, they will also face random audits to ensure they comply with data protection laws. At yesterday's introduction of the Data Protection Commission's website, www.dataprivacy.ie, its commissioner, Mr Joe Meade, said: "We are not trying to catch people out, but to ensure that they are complying with data protection rules." He says he intends to use his full legal powers to enforce compliance by organisations - including websites - that collect and hold data on individuals.

The commissioner plans to name in his report to the Oireachtas any organisations not complying with the existing Act and the Data Protection Directive, which comes into force early next year.

Additionally, he intends to introduce an order requiring websites to have prominently posted privacy policies. Most Irish organisations' websites have no privacy policy on their home pages - including the main Government website, Aer Lingus, the Central Bank, Bank of Ireland, AIB Bank, Eircom, Ireland On-Line, Indigo, the Irish Tourist Board and Ireland.com. Several of these sites request personal information from individuals.

Mr Meade notes that Irish websites collecting data and passing them along to third parties - even if those parties have business ties to the website - are violating the 1988 Data Protection Act.

"The best way data can be obtained is against a clear privacy policy statement," added assistant commissioner Mr Ronnie Downes. "The privacy environment for individuals is now undergoing a sea change, with the increased popularity of Web-browsing and the era of e-commerce. This change involves new challenges for a privacy authority," Mr Meade said. In the coming year, the office would have to take account of further telecommunications deregulation, greater use of the Internet, the increased ability of computers to collate information on individuals and the demands of the new directive, he said.

The commissioner said he also had to weigh the right of individuals to privacy against demands from European security services, such as Europol. Security services in the Republic, however, were required to comply with national data protection laws.