Funds Quarterly Legal and Regulatory Update

On 1 July 2011 the Data Protection Commissioner (the "Commissioner") issued a Guidance Note to assist organisations comply with new data protection requirements in relation to electronic communications and networks following the commencement of the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations, 2011 (the "Regulations") which transpose the ePrivacy Directive.

Key requirements which have been introduced include the following:-

  • compulsory notification of data breaches by all telecommunication companies and internet service providers to the Office of the Data Protection Commissioner and notification of customers where there is a risk their data may be accessed. Failure to do so can lead to prosecution by the Commissioner and a possible fine of up to €5,000 per instance. The Commissioner can also, for the first time, prosecute such companies for allowing a data breach, which upon conviction on indictment attracts a fine of up to €250,000;
  • more stringent requirements for all companies relating to the provision of information and obtaining the consent of users for the placing of "cookies" on electronic devices, save in limited circumstances where the cookie is strictly necessary for the provision of the service in question. In practice this means that websites placing cookies on user equipment that are not deleted when the user leaves the website must identify a means of obtaining user consent; and
  • stricter requirements for the sending of electronic marketing messages and the making of marketing phone calls. For instance, it is now an offence for any company or entity to phone a person on their mobile phone for a marketing purpose without having obtained their prior consent for such contact. The requirements now extend to all forms of marketing carried out by means of a publicly available electronic communications service – including for example the soliciting of support for charitable organisations or political parties.

The guidance is available at www.dataprotection.ie.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.