A failure by the Government to legislate to give people a right to compensation if their personal data is abused could leave the State open to a claim for damages, according to a law professor at Trinity College Dublin.
Prof Eoin O’Dell warned it will also lead to “great uncertainty” in the law. He was commenting on the general scheme of the Data Protection Bill 2017 published by Tánaiste Frances Fitzgerald earlier this month.
The Bill will give further effect in Irish law to the EU General Data Protection Regulation (GDPR) and would also implement the associated data protection directive for law enforcement bodies.
In a paper on remedies for invasion of privacy in Irish law, Prof O’Dell said it was not clear that the relevant article in the EU regulation providing for the right to compensation was directly effective or whether it needed implementing national legislation.
Unusual
Separately, in a blog post on the compensation issue, Prof O’Dell noted the right to compensation in a regulation was unusual but not unique as a matter of EU law.
The Court of Justice of the European Union had provided an “expansive interpretation” of the right to compensation in the flight compensation directive.
Prof O’Dell said a similarly expansive interpretation of the GDPR provision was “probably inevitable” if the court was asked.
“But unless and until it is, there is the potential for great uncertainty,” he wrote.
“It would therefore be better to have this matter settled by legislation rather than leaving it to the vagaries of litigation to – and in – the CJEU. In the meantime, a failure to enact such legislation could leave the State open to a claim for damages from someone who suffered loss by reason of the State’s failure to give further effect to Article 82(1) GDPR.”
Fervent
Prof O’Dell also said it was his “fervent hope” that the national legislation would also repeal the Data Protection Acts 1988 and 2003 and that the new Bill would provide a single one-stop-shop for all Irish law on data protection.
Prof O’Dell delivered his paper at the annual data protection conference of the Irish Centre for European Law at Trinity College at the Royal Irish Academy in Dublin.
Other speakers included Cian Ferriter SC, legal adviser to the Data Protection Commissioner Anna Morgan, Claire Morrissey of A&L Goodbody, John Magee of William Fry, Prof Andrew Murray of the London School of Economics, Rosemary Jay of Hunton & Williams and Richard Thomas of the Centre for Information Policy Leadership.