Irish DPA announces action on failed police self-regulation
This article is also available in:
Deutsch: Fehlgeschlagene Selbstregulierung bei der Polizei: Irische Datenschutz...
Apparently illegal abuses of the Irish police (“An Garda Síochána”) database show no sign of being brought to an end, despite repeated announcements on the issue by the Irish Data Protection Commissioner (DPC).
Problems with the possible abuse of the database were identified over five years ago, leading to a self-regulatory “code of practice” being drawn up by the DPC and the Irish police force in 2007. In the foreword of the Code, the DPC said that the Code was “designed to give operational meaning to the principles of data protection set out in European and National law,” adding that he was confident that the “Code will make a significant contribution to improving knowledge and understanding of data protection within An Garda Síochána.” The Code covered the oddly named PULSE (Police Using Leading Systems Efficiently) database.
Unfortunately, self-regulation was less successful than the Commissioner appears to have expected. In November 2010, the annual report of the judge tasked with overseeing the Irish data retention system described a case where a police sergeant, working in the Garda intelligence division, had abused her position by accessing the phone records of her former boyfriend. Despite this, the police officer in question kept her job and rank and was moved to a position in the Irish special branch – where she continues to have access to sensitive data .
The apparent abuses continued, leading to the Commissioner, in his annual report for 2011, stating that despite repeated engagements from the police on this issue, the monitoring of access to the database “falls short of the standards that we expect”. As a result, in March 2012, the Commissioner announced plans for an audit of the use of the PULSE system.
The discovery of cases of apparently illegal use of the database by the police force in 2010 did not lead to any obvious improvements. In August 2011 press reports indicated that the PULSE database was being abused by members of the police force in order to do illegal background searches for reasons as diverse as checking the history of men that their daughters were dating to the accident history of cars that they were thinking of buying. As a result of these revelations, the Data Protection Commissioner rapidly announced... again... that he was going to launch an audit of police use of the database.
Subsequently, in October 2012, the Irish DPC acted quickly in response to an abuse of the Irish tax database – by announcing a plan to undertake an audit of... the (unrelated) PULSE database.
All of which goes to show, if you have nothing to hide, you've nothing to fear, because you're probably dead.
October 2012 announcement: “Tax official used data on woman to
proposition her” (24.10.2012)
August 2011 announcement: “Gardaí use database to check up on daughters’
March 2011 announcement: Twenty-second annual report of the Data
Protection Commissioner 2010
2007 Code of Practice
(Contribution by Joe McNamee - EDRi)