What an innoculous looking headline. I can assure you that it was wrangled over by the author for quite some time.
During the year, the issue of subject access to
personal data held by An Garda Síochána arose. The
Office’s clear position, which has been communicated
to the Garda authorities on many occasions in recent
years, is that the Gardaí can claim the application of
section 5(1)(a) of the Acts to relevant data, even in
circumstances where an investigation has been
finalised. However, in so claiming they must have
regard to the prejudice test in respect of each item of
Section 5(1) of the Acts provides as follows:
“Section 4 of this Act does not apply to personal data:
(a) kept for the purpose of preventing, detecting or
investigating offences, apprehending or prosecuting
offenders or assessing or collecting any tax, duty or
other moneys owed or payable to the State, a local
authority or a health board, in any casein which the
application of that section to the data would be likely
to prejudiceany of the matters aforesaid, ….???
It is clear that this exemption is only available where
compliance with section 4 would be likely to prejudice
the preventing, detecting or investigating of offences,
or apprehending or prosecuting offenders. It is not a
general exemption and every time it is claimed in
respect of particular data, it has to be on a case by
case basis. This involves the data controller, in this
case An Garda Síochána, exercising its judgement
based on the particular circumstances of the case.
My view is that ‘likely to prejudice’ requires a significant
likelihood rather than a mere risk that the purposes
set out in section 5(1) would be noticeably prejudiced
if the individual were to have access to the personal
data held about him/her. This implies that the Gardaí
cannot withhold access to all information held about
an individual, only that information which relates to
the objectives set out in section 5(1).
The difficulties that have been experienced
in this area should be greatly reduced when the Garda
Data Protection Code is finalised, probably later this
Yes, later this year. Or maybe later next year. Or at some other, unspecified, date in the future.