Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Cross Border Data Protection Hypothetical

  • 25-09-2014 6:47pm
    #1
    Robbo
    Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 10,587 Mod ✭✭✭✭


    I was mulling over a hypothetical with some colleagues recently and would like to open it up to the group here. I thought it would be interesting to kick it around here, especially given that the Irish Water debacle has shown there are a lot of strong views about Data Protection issues.

    Cedric is a customer of Megabank, who have operations in numerous EU Member States. Cedric is involved in a dispute with Megabank and makes a Data Protection Request in his home Member State (Aardvarkland), where all business has been conducted through Megabanks subsidiary in that Member State.

    Megabank, in purporting to comply with the request send information back to Cedric from their EU HQ in Bananaland. They do so by putting several reams of paper into a flimsy envelope and posting it as cheaply as possible. This envelope ruptures in a Bananaland Postal Service sorting office and the Postal Service may or may not have lost some of the contents, all of which is personal financial information of a sensitive nature.

    Megabank do not send a schedule of the information sent and the Postal Service of Bananaland repackage the ruptured envelope as best they can. They send Cedric a note saying "Sorry and all that, but we can't be sure anything was or wasn't lost on the sorting room floor".

    From previous dealings with Megabank, Cedric is certain that what was sent is somewhat shy of what should have been sent in order to properly comply with the Data Protection request. Whether this is through poor Data Protection practices within Megabank or due to material being lost by the Postal Service, he isn't sure.

    It appears at all times, the data has been stored and processed in Bananaland at Megabank HQ. From a forum shopping point of view, the Data Protection regime in Bananaland is far more advantageous to Cedric.

    The questions raised were:
    1. Where did the alleged breach occur?
    2. Which Member States data protection body should be notified (or both)?
    3. Who is responsible for the alleged breach or do the Postal Service have an automatic getout due to their role?
    4. Can Cedric legitimately go forum shopping here?


Comments

  • #2
    Tom Young
    Legal Moderators, Society & Culture Moderators Posts: 4,338 Mod ✭✭✭✭Tom Young


    Homework?


  • #3
    Five Lamps
    Closed Accounts Posts: 687 ✭✭✭Five Lamps


    I really can't follow what you are saying. The issues about IW are purely down to people being unable to understand data protection law and a very transparent data policy published by Irish Water.

    IW are ultimately the data controller under the law and the buck stops with them whatever their data processors do no matter where they are located.


  • #4
    Bepolite
    Closed Accounts Posts: 2,737 ✭✭✭Bepolite


    Tom Young wrote: »
    Homework?

    That or working with these guys is a fecking hoot :pac:


  • #5
    Robbo
    Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 10,587 Mod ✭✭✭✭Robbo


    Tom Young wrote: »
    Homework?
    Oh lord no, long past that stage in life. More bizarre fiction based on 20% DPC case studies, 40% navel gazing and 40% needlessly added complexity.


Advertisement