property tax and the data protection act

donegal_road

just a quick question... does the data protection act mean that no one, including government, has the rights to access individual's personal information? If so, then why were the government threatening to use ESB accounts and welfare details to identify people who hadn't paid the property tax, or register their property? Surely they would not be allowed to do this under the rules of the Data Protection Act?

oscarBravo

donegal_road wrote: »

just a quick question... does the data protection act mean that no one, including government, has the rights to access individual's personal information?

Not really, no. The DPA isn't a simplistic statement that all personal information is completely and perfectly private.

It's worth reading the actual Data Protection Act 1988, as amended by the 2003 act - section 8(b) in particular seems to apply:

8.— Any restrictions in this Act on the processing of personal data do not apply if the processing is—

[...]

(b) required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders or assessing or collecting any tax, duty or other moneys owed or payable to the State, a local authority or a health board, in any case in which the application of those restrictions would be likely to prejudice any of the matters aforesaid...

Dirk Gently

The data commisioner ok'ed it so long as the information was destroyed shortly there after. Not sure what the point of having a data protection commissioner is if he allows the info to be passed on so long as they destroy the info after they've extracted what they need.

oscarBravo

Dirk Gently wrote: »

The data commisioner ok'ed it so long as the information was destroyed shortly there after. Not sure what the point of having a data protection commissioner is if he allows the info to be passed on so long as they destroy the info after they've extracted what they need.

The point of the DPC is to enforce the law relating to data protection. If the law allows for disclosure of data for the purposes of tax collection (which it appears to) then the DPC is doing his job.

donegal_road

this was posted on the Donegal forum yesterday..

http://www.sinnfein.ie/contents/22978#.T43l7LMQNkU.facebook

Manach

My own take on the DPA's exception in section 8 is that it would be meant to applied where the person was known not to be tax compliant already, thus the State could act in that case. For the property tax, this would a data gathering exercise from the targeted database, say ESB's, and as there would be no absolute correlation between data held on the database and tax compliant liability for the property tax - it amounts to a data fishing trip by the State.
Given that the DP act is derived from an EU directive, this could be argued to be a breach of the said directive and thus beyond the data commissioner's remit to absolutely state if such breaches are permitted. My 2c anyway.

oscarBravo

Manach wrote: »

My own take on the DPA's exception in section 8 is that it would be meant to applied where the person was known not to be tax compliant already, thus the State could act in that case.

Clearly, the DPC - for whom interpreting the DPA is what he does for a living - has a different take on it.

For the property tax, this would a data gathering exercise from the targeted database, say ESB's, and as there would be no absolute correlation between data held on the database and tax compliant liability for the property tax - it amounts to a data fishing trip by the State.
Given that the DP act is derived from an EU directive, this could be argued to be a breach of the said directive and thus beyond the data commissioner's remit to absolutely state if such breaches are permitted. My 2c anyway.

I've seen some strange claims made in relation to the household charge, but that the interpretation of the DPA is beyond the remit of the DPC - a role created by the same act - is a new one on me.

gizmo555

oscarBravo wrote: »

Not really, no. The DPA isn't a simplistic statement that all personal information is completely and perfectly private.

It's worth reading the actual Data Protection Act 1998, as amended by the 2003 act - section 8(b) in particular seems to apply:

I suppose the operative word there is "required" - the DPC has made it clear that whatever use is made, for example, of ESB customer data cannot go beyond what is strictly required to collect the charge - that would exclude "fishing trips".

Manach

oscarBravo wrote: »

Clearly, the DPC - for whom interpreting the DPA is what he does for a living - has a different take on it. I've seen some strange claims made in relation to the household charge, but that the interpretation of the DPA is beyond the remit of the DPC - a role created by the same act - is a new one on me.

To clarify, the act itself is based on an EU directive. The DPC could say for instance that a certain interpretation of an action is allowed under the DPA, but that this interpretation might not be the equivalent to the meaning under the source EU directive - which would have a higher standing in EU law.

Victor

Data Protection Act is largely irrelevant in this case.

http://www.oireachtas.ie/documents/bills28/acts/2011/a3611.pdf

Sction 14, Local Government (Household Charge) Act 2011 wrote:

Data sharing and exchange.

14.—(1) Notwithstanding any enactment or rule of law—
(a) a relevant person shall, upon a request from a local authority, provide the local authority with such information in the possession or control of the relevant person or, where the relevant person is a body corporate, any subsidiary (within the meaning of section 155 of the Companies Act 1963) of the relevant person as the local authority may reasonably require for the purpose of enabling the local authority to perform its functions under this Act,
(b) a local authority shall, at such intervals as the Revenue Commissioners may specify, provide the Revenue Commissioners with such information obtained by the local authority pursuant to this Act, including tax reference numbers, as the Revenue Commissioners may reasonably require for the purpose of enabling them to perform their functions under a specified enactment, and
(c) a local authority shall, upon a request from, and at such intervals as may be specified by, a Minister of the Government, a local authority or a prescribed person, provide the Minister of the Government, the local authority or the prescribed person, as may be appropriate, with such information obtained by the local authority pursuant to this Act as the Minister of the Government, the local authority or the prescribed person concerned may reasonably require for the purpose of enabling him or her to perform his or her functions.

(2) The Minister shall not prescribe a person for the purposes of paragraph (c) of subsection (1) unless he or she is satisfied that the provision by a local authority of information obtained by the local authority pursuant to this Act to such person will assist the person in discharging a function conferred on, or delegated to, him or her by or under any enactment.

(3) In this section—
“Act of 2010” means the Value-Added Tax Consolidation Act 2010;
“relevant person” means—
(a) the Private Residential Tenancies Board established under section 150 of the Residential Tenancies Act 2004,
(b) the Electricity Supply Board established in accordance with the Electricity (Supply) Act 1927,
(c) the Revenue Commissioners,
(d) the Minister for Social Protection, or
(e) any other person standing prescribed for the time being;

“specified enactment” means—
(a) the Tax Acts,
(b) the Capital Gains Tax Acts,
(c) the Act of 2010,
(d) the Stamp Duties Consolidation Act 1999, or
(e) the Act of 2003;

“tax reference number” means—
(a) in relation to an individual, that individual’s personal public service number (within the meaning of section 262 of the Act of 2005), or
(b) in relation to a body corporate—
(i) the reference number stated on any return of income form or notice of assessment issued to that person by an officer of the Revenue Commissioners, or
(ii) the registration number of the body corporate for the purposes of the Act of 2010.

gizmo555

Manach wrote: »

To clarify, the act itself is based on an EU directive. The DPC could say for instance that a certain interpretation of an action is allowed under the DPA, but that this interpretation might not be the equivalent to the meaning under the source EU directive - which would have a higher standing in EU law.

First of all, it's the Data Protection Acts which have the direct force of law in Ireland, not the 95/46/EC directive. Secondly, the directive was specifically drafted to allow for some variation in how it is interpreted in different member states. Lastly, as Victor points out, the Household Charge Act makes this discussion largely irrelevant.

Manach

gizmo555 wrote: »

First of all, it's the Data Protection Acts which have the direct force of law in Ireland, not the 95/46/EC directive. Secondly, the directive was specifically drafted to allow for some variation in how it is interpreted in different member states. Lastly, as Victor points out, the Household Charge Act makes this discussion largely irrelevant.

In response, my understanding is in some areas that EU law has a higher standing than Irish law, as per Art 29 of the constitution. Given this is an implemented EU directive, this probably qualifies.
You are correct that a directive needs in normal circumstances to be implemented in a member state, and it is up to the state how to draft it. However, because of this very flexiblity to draft directives, it might not be properly implemented. An example of this this would be the case of Von Colson and Kamann. Here it was determined that the member state court could interpret and apply the act in light of the original directive.

Thus if there was a such challenge to the DPA, a Judge might indeed decide what the Government wishes to do is perfectly fine, within the meaning of the directive and non disproportional to the original directive. But till then I reckon that this option does remain open.

gizmo555

Manach wrote: »

In response, my understanding is in some areas that EU law has a higher standing than Irish law, as per Art 29 of the constitution. Given this is an implemented EU directive, this probably qualifies . . .

Thus if there was a such challenge to the DPA, a Judge might indeed decide what the Government wishes to do is perfectly fine, within the meaning of the directive and non disproportional to the original directive. But till then I reckon that this option does remain open.

OK, but even in the judge did refer directly to the directive this is what Article 7(c) says:

Member States shall provide that personal data may be processed only if . . .

(c) processing is necessary for compliance with a legal obligation to which the controller is subject . . .

The Oireachtas having created, as Victor pointed out, a legal obligation in the Household Charge Act for the ESB et al to hand over the data, Article 7(c) applies and no breach of the directive arises.

Dannyboy83

donegal_road wrote: »

just a quick question... does the data protection act mean that no one, including government, has the rights to access individual's personal information? If so, then why were the government threatening to use ESB accounts and welfare details to identify people who hadn't paid the property tax, or register their property? Surely they would not be allowed to do this under the rules of the Data Protection Act?

I have a slightly unusual surname (Irish) , which occasionally gets mangled by various companies.

On a few different occasions, Eircom have badly mangled my surname and I've then received a letter from the TV License leeches, using the exact same mutation of my actual surname...I would put very little faith in the Data Protection Act when it comes to the state sector.

gizmo555

Dannyboy83 wrote: »

I have a slightly unusual surname (Irish) , which occasionally gets mangled by various companies.

On a few different occasions, Eircom have badly mangled my surname and I've then received a letter from the TV License leeches, using the exact same mutation of my actual surname...I would put very little faith in the Data Protection Act when it comes to the state sector.

Had a similar situation when I moved house a few years ago. I signed up for An Post's mail redirection service and within a week of moving in, got a letter addressed to me by name at the new house from the TV Licence section of An Post. The only way I can think of that they could have known of my new address is from the redirection service - I hadn't even registered to vote yet.

What Data Protection Commissioner Billy Hawkes has made clear in this case is that the LAs are only to be given the minimum information necessary to fulfill their obligations under the Household Charge Act, that the information is not to be used for any other purposes and that it's to be deleted once the registration process is complete.

Dannyboy83

gizmo555 wrote: »

What Data Protection Commissioner Billy Hawkes has made clear in this case is that the LAs are only to be given the minimum information necessary to fulfill their obligations under the Household Charge Act, that the information is not to be used for any other purposes and that it's to be deleted once the registration process is complete.

There is an interesting article here on Fair obtaining and Section 8 which bypasses the rules:
http://blogs.ics.ie/dp/2010/09/28/dept-of-social-welfare-using-facebook-for-fraud-investigations/

Under Section 8, it seems they are allowed to obtain details through Facebook and so on, seems there is little off limits really.

(Amazes me that they can go to these lengths, but yet they cannot co-ordinate information between the Dept of Social Welfare and Revenue)

Victor

Dannyboy83 wrote: »

On a few different occasions, Eircom have badly mangled my surname and I've then received a letter from the TV License leeches, using the exact same mutation of my actual surname...I would put very little faith in the Data Protection Act when it comes to the state sector.

Eircom isn't in the state sector.

gizmo555 wrote: »

Had a similar situation when I moved house a few years ago. I signed up for An Post's mail redirection service and within a week of moving in, got a letter addressed to me by name at the new house from the TV Licence section of An Post. The only way I can think of that they could have known of my new address is from the redirection service - I hadn't even registered to vote yet.

An Post was fulfilling its obligations in collecting a tax.

Dannyboy83

Victor wrote: »

Eircom isn't in the state sector.

Yes, but the TV License authority are.

gizmo555

Victor wrote: »

An Post was fulfilling its obligations in collecting a tax.

To begin with, I should make clear that I don't know for sure that An Post's redirection service passed on my new address to its TV licence collection department - it might just have been coincidence . . .

If it did though, An Post's obligation to collect the licence fee is a contractual one, not a legal one, i.e., not an obligation specifically placed on it by statute. I seriously doubt therefore that it could rely on Article 7(c) for this use of my address data.

Then, if it did rely on Art. 7(c), it would have to show that its use was "necessary" - in other words, that it couldn't fulfill its obligations without using my data in this way. It can't just do it because it has the data for one purpose and it's convenient to use it for another. This type of "scope creep" is precisely what the Data Protection Commissioner is concerned to prevent in the handover of ESB meter data, etc. to local authorities.

Victor

Dannyboy83 wrote: »

Yes, but the TV License authority are.

Where do you think they got the data?