The Data Protection Act, 1988 and the Data Protection (Amendment) Act, 2003, safeguarded the privacy rights of individuals with regard to personal data i.e. data relating to them which is held on computer files or in manual files which are structured or searchable by reference to individuals.
On 25 May 2018, the General Data Protection Regulation (GDPR) takes effect. It sets out a new framework for protecting individual’s data and its provisions are directly applicable in all EU states from Friday 25 May. The GDPR emphasises transparency, security and accountability by data controllers while at the same time strengthens the rights of citizens to data privacy. The GDPR replaces the 1995 Data Protection Directive.
This revised Citizens’ Assembly Data Protection Policy outlines how we comply with the GDPR in the management and processing of information relating to individuals.
Data Protection Principles
Since its establishment in July 2016, the Citizens’ Assembly has always performed its responsibilities under the Data Protection Acts 1998 and 2003 in accordance with the following eight Data Protection principles:-
- Obtain and process information fairly;
- Keep it only for specified, explicit and lawful purposes;
- Use and disclose data only in ways that are compatible with these purposes;
- Keep data safe and secure;
- Keep data accurate, complete and up-to-date;
- Ensure that data is adequate, relevant and not excessive;
- Retain data for no longer than is necessary for the purpose(s) for which it is acquired;
- Give a copy of his/her personal data to the relevant individual on request.
The new Data Protection Act 2018 will build on previous legislation. The GDPR sets out the following principles for protecting personal data:-
- Personal Data must be collected in a lawful, fair and transparent manner;
- It should only be obtained for specific and lawful purposes;
- It should be used only in ways compatible with these purposes;
- Data must be accurate, relevant, complete and up to date;
- It should be retained for no longer than is necessary;
- It must be processed in a manner that ensures appropriate security of the personal data.
The Citizens' Assembly is an exercise in deliberative democracy, placing the citizen at the heart of important legal and policy issues facing Irish society today. With the benefit of expert, impartial and factual advice, the 100 citizen members have considered a number of topics referred to them. Their conclusions have formed the basis of a number of reports and recommendations which have been submitted to the Houses of the Oireachtas for further debate by our elected representatives. As of 25 May 2018, three reports have been submitted by the Assembly and one further final report will be submitted within the next month.
All staff and those contracted to work with or provide a service to the Assembly are firmly committed to ensuring personal privacy and compliance with Data Protection legislation.
The Assembly operates under six key principles – Openness, Fairness, Equality of Voice, Efficiency, Respect and Collegiality.
Members – Personal Data
We have committed to protecting the privacy of our Members through our agreed Rules and Procedures. Member details are collected for information purposes only and only names and general areas where members come from are made public. All other details are treated in strictest confidence.
Personal details of individuals were gathered on recruitment and additional details were gathered if the individual was invited to become a full Member of the Assembly. These details are only used for the purposes of contacting members regarding Assembly business and are never made public.
Submissions – Personal Data
We have also clearly outlined our policy on the publication of personal details in respect of the Submissions process on our website www.citizensassembly.ie.
- All submissions received will be published on the website and displayed with a full name (first name, surname)/name of organisation, if appropriate.
- Anonymous submissions will not be accepted.
- In the case of personal stories and sensitive submissions, all personal data and related identifiable details will be removed or redacted if requested.
No personal, identifiable details received in submissions are made public by the Assembly.
Experts/Speakers/Contributors – Personal Data
Personal information provided by experts, speakers and other contributors to the Assembly’s deliberations will only be publicised with their knowledge and/or permission.
Again, their personal details will only be used to contact them with regard to Assembly business as appropriate.
When handling personal data, and to avoid a data breach, staff shall ensure that such data is only used for the purpose for which it was sought or submitted, will keep it confidential as appropriate and will secure the data safely when not in use.
Security of Data
We respect the rights of users of our website and do not, as a general rule, collect personal information unless it is volunteered. Any such personal information will be treated with the highest standards of security and confidentiality, strictly in accordance with Data Protection legislation. Any information provided to us by users is used only in line with the purpose for which it is provided.
Where a user voluntarily provides personal information in response to a questionnaire or survey, the data will be used for research or analysis purposes only.
For general web browsing no personal information is revealed to us, although certain statistical information is available to us via our internet service provider. This information may include
- The logical address of the server being used
- The top level domain name from which the Internet is accessed (for example, .ie, com, .org etc.)
- The type of browser being used
- The date and time someone accesses our site
- The Internet address used to link to our site
Some of the above information is used to create summary statistics which allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally, help us to make our site more user-friendly.
Social Media – cookies may be used by some third party sites such as Twitter.
The Citizens' Assembly website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
By using the Citizens Assembly website, users consent to the processing of data about themselves by Google in the manner and for the purposes set out above.
Email and Internal Computer Systems
The Citizens' Assembly's email and internal computer systems are hosted on the Department of the Taoiseach's secure network and are protected by a variety of security measures, including the use of industry-leading firewalls, to ensure that only Citizens' Assembly staff can access Citizens' Assembly systems and data and that this data is kept safe and secure
The Citizens’ Assembly concluded its deliberations at its final meeting on 14/15 April 2018 and the Assembly Secretariat will be wound.
No further contact will be made from the Assembly with Members, Suppliers, Experts, Speakers, Contributors and the general public once the work of the Assembly has been completed.
The Assembly will, however, meet its obligations under the National Archives Act in relation to retention of records, and for transfer of records to the National Archives after 30 years.
We expect to have minimal contact with the aforementioned individuals and groups from 25 May, 2018.
This Policy will be reviewed as appropriate in light of any legislative or other relevant developments.