The further GDPR travails of Ross O’Carroll-Kelly

Statue of Ross O'Carroll-Kelly, via Wikipedia
Statue of Ross O’Carroll-Kelly
Ross O’Carroll-Kelly (pictured left) is in GDPR-trouble again. Last time, he was fired from his job as an estate-agent for failing to report a data breach, when his work lap-top was stolen from his car just as the GDPR came into full effect. This time (as recounted in last Saturday’s Irish Times magazine; audio here), he learns to his great cost the power of the data subject access request under Article 15 GDPR.

The background is well explained by Jennifer O’Connell’s experiences also recounted in last Saturday’s Irish Times magazine. Her story starts with staff members in a hotel asking customers: “If you enjoyed the service, would you minding leaving a TripAdvisor review, and mentioning me by name?” As she explains

It’s not only people in the service industry whose job security now rests on the whims of the terminally irate. If you’re a writer, Goodreads and Amazon reviews are your nemesis. If you’re a driver, it’s Uber. If you rent out your house, it’s Airbnb. If you’re a journalist, it’s the below-the-line comments.

She hasn’t reviewed the hotel waiter yet (she’ll be kind); but “in a Dublin hotel a few months ago, unable to sleep due to the sound of the four-hour, vigorous, live-action porn show on the other side of the cardboard door connecting [her] room with the one next door, [she] lay there plotting [her] TripAdvisor review”.

However, on some of these platforms, reviews go both ways. For example, not only do riders rate drivers on Uber, but, after every trip, drivers can rate riders as well. It is the same with the taxi app being used by Ross’s wife, Sorcha. She’s worried because she has an average “one-stor” customer rating from the drivers, out of five, which the lowest rating that it’s possible to get. This gets Ross worried too, not because he’s concerned for his wife, but

because her one-stor rating is almost certainly down to me, given that I’ve been using her account for the past six months and taxi drivers tend to bring out the worst side of my personality.

He tries to make light of it, but Sorcha is having none of it, revealing that she has already

… made a Data Access Subject Request. … All citizens have the right to access their personal data, Ross. I’m entitled to know why taxi drivers seem to think so little of me, especially given how much I tip.

As Sorcha leaves Ross to check whether the postman had delivered the hardcopy reply, their daughter-from-hell, Honor, arrives, having intercepted the post along the way. Together, they read all the horrible things Ross said to the taxi drivers over the previous six months; and they learn of some co-passengers Sorcha might not like to learn about; so Ross bribes Honor a thousand euros not to say anything to her mother. She agrees. And Ross relaxes, thinking he’s off scot-free. Then:

Sorcha steps back into the kitchen. “Nothing in the post,” she goes.

I’m there, “Like I said, you should just let it go, Babes.”

“No, it’s fine,” she goes, holding up her phone, “because they’ve emailed me the information anyway.”

Honor stands up from the table. She goes, “I’ll leave you to it, Dad. I still want that thousand euros, by the way.”

I wonder if anyone’s left a comment on Jennifer’s TripAdvisor review of the performance in the adjacent hotel room, or perhaps lodged a subject access request to find out more about it?

Navigating Privacy in a Data Centric World

Jules Polonetsky, via FPF siteOn Monday, 28 January 2019, 16.00-17.30, in Regent House (map), Trinity College Dublin, Jules Polonetsky (CEO, Future of Privacy Forum; pictured left) will give a public lecture on

Navigating Privacy in a Data Centric World

Almost every area of technical progress today is reliant on ever broader access to personal information. Companies, academic researchers, governments and philanthropists utilise ever more sensitive data about individuals movements, health, online browsing, home activity, social interactions. To collect the data, cars, drones, phones, wearables, TVs and faces are tracked. Sensors that see and hear collect new types of information and machine learning provides exponentially deeper analysis. Will European data protection reshape the leading data intensive technologies? With the backlash against tech company practices lead to regulation in the US and globally? What role for Ireland at the centre of the new generation of regulation and tech development? Can data be mined for the benefit of society without creating an Orwellian future?

Jules Polonetsky is CEO of the Future of Privacy Forum (PFP). It is a nonprofit organisation that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF brings together industry, academics, civil society and other thought leaders to explore the challenges posed by technological innovation and develops privacy protections, ethical norms and workable business practices. FPF is based in Washington DC, and is active in the US, Europe and Israel.

This event is organised by the Ethics & Privacy Working Group of the ADAPT Centre, in conjunction with the Trinity Long Room Hub, the Technologies, Law and Society Research Group at TCD School of Law, TCD School of Religions, Peace Studies and Theology, TCD Library and DCU Institute of Ethics.

The event is free; and all are welcome to attend; but booking via Eventbrite is essential.

Did Christmas come early for NJ commuters who were showered with money last week?

Flying dollarsAccording to Wikipedia, Betteridge’s law of headlines is an adage that states: “Any headline that ends in a question mark can be answered by the word no”. That is true of the question in the title to this post: no, Christmas did not come early for NJ commuters who were showered with money last week. The CBS headline tells the story: Armored truck spills cash on N.J. highway, drivers rush to grab dollars and crashes ensue. Of the more than $500,000 that spilled on to the highway, nearly $300,000 remains missing, and the bank and the police want it back. As with overactive ATMs, these flying dollars are not so many early Christmas presents, the bank is entitled to recover them, and retaining them may very well amount to theft.

60minutes says that the GDPR is the law that lets Europeans take back their data from big tech companies




From the report embedded above (with added links):

Tech companies’ reign over users’ personal data has run largely unchecked in the age of the internet. Europe is seeking to end that with a new law

… the European Union enacted the world’s most ambitious internet privacy law [the General Data Protection Regulation (the GDPR)], even winning support from the CEO of the biggest tech company in America, Apple’s Tim Cook. …

Max Schrems: The default under the European system is you’re not allowed to use someone else’s data unless you have a justification. …

Jeffrey Chester: Americans have no control today about the information that’s collected about them every second of their lives. …

Today, if one of the big tech companies chooses to ignore Europe’s new data protection law it could cost them 4 percent of their global revenues, which for the biggest companies would mean billions of dollars. Those decisions will likely be made here in Dublin, … Ireland’s data protection commissioner Helen Dixon says it’s not going to be business as usual.

Helen Dixon: U.S. internet companies have no doubt that this law is serious, it has serious bite. And all of them are eager to avoid any engagement with that.

Dixon says tech companies are spending tens of millions of dollars hiring lawyers, compliance officers and engineers to make sure they are operating within the law. …

Steve Kroft: You think the big tech companies, the people in Silicon Valley are taking this seriously?

Eoin O’Dell: I think they have to.

Eoin O’Dell is a law professor at Trinity College in Dublin and a leading expert on European privacy law. He says Europe has now established an international standard for internet privacy, and companies like Facebook, Google and Amazon are not about to retreat from a $17 trillion market.

Eoin O’Dell: We have safety standards in cars, but that hasn’t stopped us driving cars. We have emissions standards for – for the gas in the cars but that hasn’t stopped us using the gas in the cars . The data companies are – going to comply in the same way as the – car companies have complied

Steve Kroft: To stay in business.

Eoin O’Dell: To stay in business.

Since the European privacy law was passed, at least ten other countries have adopted similar rules. So has the state of California. Perhaps sensing the inevitable, Facebook, Twitter, Google and Amazon are now saying they could support a U.S. privacy law if they were given considerable input. The Internet Association, which lobbies for big tech, and its president Michael Beckerman say they would support giving Americans reasonable access to their information and some privacy rights now enjoyed by the Europeans. …

Produced by Maria Gavrilovic. Associate producer, Alex Ortiz.

Brown J of the Supreme Court of Canada will launch the Palles Society for Private Law in Trinity

The Honourable Russell Brown, Justice of the Supreme Court of Canada, will deliver a keynote lecture on the topic of

Indeterminacy in the Duty of Care Analysis

at 6:30pm on Thursday 22 November 2018 in Trinity College Dublin, to launch the Palles Society for Private Law. The lecture will be held in the TRiSS Seminar Room (on the 6th floor of the Arts Block in Trinity (map and directions)); and a reception will follow. The event will be chaired by His Excellency Kevin Vickers, Ambassador of Canada to Ireland. All are welcome to attend, but registration is required.

Christopher Palles (pictured above left) was an unrivalled master of the common law. He was Lord Chief Baron of the Exchequer in Ireland from 1874 until 1916. Professor VTH Delany described him as “the greatest of the Irish judges”.

Justice Russell Brown (pictured above right) has been a puisne justice of the Supreme Court of Canada since 2015. He was a Professor of Law at the University of Alberta before his appointment to the bench. He is the author of Pure Economic Loss in Canadian Negligence Law (LexisNexis Canada, 2011), as well as articles, chapters and essays on tort law, property law and civil justice.

Kevin Vickers was appointed as the Ambassador of Canada to Ireland in January 2015. He previously served as the Sergeant-at-Arms of the House of Commons.

Justice Brown’s lecture is presented by the Palles Society with the support of the Private Law Group (PLG) in the School of Law, Trinity College Dublin, the Events Fund of the Faculty of Arts, Humanities and Social Sciences (FAHSS), Trinity College Dublin, and the Ireland Canada Business Association (the ICBA). The Palles Society is very grateful to the PLG, the FAHSS, and the ICBA, for their generous support.

1.5 CPD points will be available for this event.

If you are interested in receiving more information about the lecture or about the Palles Society for Private Law, you subscribe to the Society’s mailing list, follow @PallesSociety on twitter, or send the Society an email.

Female-majority panels in the Irish Supreme Court

McGuinness and Denham JJ via courts.ieThere was some chatter online yesterday about the fact that the UK Supreme Court sat for the first time with a 3-2 female-male majority. The Supreme Court of New Zealand had done so last year. Despite the complement of female justices over the last 20 years, the Supreme Court of Canada doesn’t seem to have had a female majority panel yet. And there haven’t been sufficient female justices on the High Court of Australia for it to have happened there. Against that backdrop, I thought I’d find out if and when the Irish Supreme Court had first sat with female majority panels, and this is what I found.

The first majority female panel in the Irish Supreme Court happened more than EIGHTEEN years ago. Denham J was the first woman appointed to the Supreme Court, in 1992; McGuinness J was the second, in January 2000; and a female 2-1 majority on a 3-judge panel of the Supreme Court happened almost immediately after that appointment, in February 2000. In Dalton v Governor of the Training Unit [2000] IESC 49 (29 February 2000) Denham and McGuinness JJ sat with Hardiman J (the image, above left, is of McGuinness J (left) and Denham J (right)).

Macken via ChambersMacken J (pictured right) was the third woman appointed to the Supreme Court, in May 2005; and a female 3-2 majority on a 5-judge panel of the Supreme happened soon after that appointment, in November 2005. In DPP v Gilligan [2005] IESC 78 (23 November 2005) Denham, McGuinness and Macken JJ sat with Geoghegan and Fennelly JJ.

There does not seem to have been a 3-judge panel on which all three of Denham, McGuinness and Macken JJ sat before McGuinness J retired at the end of 2005.

Laffoy and Dunne, with President Higgins, via President.ieDenham J became Chief Justice in 2011 (and retired in 2017). The next women appointed were Laffoy J (2013–2017) and Dunne J (2013-present), appointed on the same day (pictured left are Laffoy J (left) and Dunne J (right) on the occasion of their appointment to the Supreme Court by President Higgins (centre)). The first all-female 3-judge panel is Cagney v Bank of Ireland [2015] IESC 80 (22 October 2015) on which Denham CJ, Laffoy and Dunne JJ sat.

O Malley J via Courts.ieThe next women appointed were O’Malley J (2015-present; pictured right), and Finlay Geoghegan J (2017-present). The first female 4-3 majority on a 7-judge panel was Murray v Budds [2017] IESC 4 (02 February 2017) where Denham CJ, Laffoy, Dunne and O’Malley JJ sat with O’Donnell, McKechnie and MacMenamin JJ.

Finlay Goeghegan JIncidentally, given that some of the recent coverage of the UK Supreme Court centred on the fact that Lady Arden succeeded her husband Lord Mance on the Supreme Court bench, it should be noted that Ireland got here first too, with Finlay Geoghegan J (pictured left) being appointed to the Supreme Court some time after her husband, Hugh Geoghegan, retired from that court.


Finally, Ruth Bader Ginsburg, Associate Justice of the US Supreme Court, has said many times:

People ask me sometimes, ‘When do you think it will be enough? When will there be enough women on the court?’ And my answer is: when there are nine.

By that standard, the Irish Supreme Court has a way to go for an all-female bench of 5 or 7, or for every judge to be female. But it is far ahead of many of its counterparts elsewhere in the common law world. And it has done so quietly, without any of the fanfare that accompanied yesterday’s hearing in the UK Supreme Court.

Digital deposit and harvesting the .ie domain

NLI harvestI have written several times on this blog about the importance of digital deposit (here, here, here, here). Section 198 of the Copyright and Related Rights (also here) provides for the delivery of print publications by publishers to libraries specified in the Act. Under this copyright deposit or legal deposit obligation, several libraries are entitled to copies of books published in the State. However, in Ireland this obligation applies only to print publications. In many jurisdictions, this obligation has been extended to cover electronic publications and websites. With the rise of digital publishing, it is increasingly being recognised that print deposit is incomplete, and that a comprehensive preservation of a nation’s published heritage requires that copyright deposit should extend to online publications as well. Moreover, online material is disappearing at frightening pace. Hence, the Copyright Review Committee, in the Modernising Copyright Report, recommended adding a new section in the 2000 Act to extend the existing copyright deposit regime for print publication in section 198 to digital works, and to permit copyright deposit institutions to harvest the .ie domain.

After much to-ing and fro-ing charted in the earlier blogposts, section 27 of the Copyright and Other Intellectual Property Law Provisions Bill 2018 (as initiated; pdf), in a much less comprehensive provision than that recommended by the CRC, provided for a limited form of digital deposit. It extended the copyright deposit regime to ebooks, but did not provide for the harvesting of the .ie domain. Section 27 remained unamended in the version of the Bill (pdf) that passed the Dáil. But an amendment put forward by Fianna Fáil, and accepted by the government, added a new section 106

Within twelve months of the enactment of this Bill the Government shall bring forward a report on the feasibility of establishing a digital legal deposit scheme to serve as a web archive for .ie domain contents and advise on steps taken towards that goal.

This was progress, even if it amounted to making haste slowly. The Bill went to the Seanad, where Committee stage was taken today. Senator Fintan Warfield argued that a feasibility study was too little, too late, and that the Bill should be amended to provide for the harvesting of the .ie domain. He proposed a short amendment designed to do just that. It is amendment 2 here (pdf). The Minister who had carriage of the Bill during the debate (the Minister of State for Training, Skills, Innovation, Research and Development, John Halligan TD) declined to accept it on the grounds that there were issues with other government departments and public institutions, and that it would have significant resource implications. Nevertheless, Senator Warfield pressed it to a vote. On the electronic vote, there was a tie – Tá (yes) 18; Níl (no) 18 – and the amendment was defeated on the casting vote of the Leas Cathaoirleach (Deputy Speaker). So Senator Warfield called for a walk-through vote, and the amendment was carreed – Tá (yes) 19; Níl (no) 17.

This is excellent news as a matter of principle. It is an important step in making Irish copyright law fit for the digital age. It will also come as a relief to the National Library of Ireland. The image at the top of this post comes from the following tweet:

In other words, the National Library have already harvested the .ie domain. Good for them, notwithstanding that this is a wholesale infringement of copyright. And if and when the Bill becomes law with Senator Warfield’s amendment, and if they do it again thereafter, it won’t be a copyright infringement then!

How to amend the Copyright Bill so that format-shifting and backing-up do infringe copyright

Devices and media, via PixabayAs I explained in my previous post, as the law currently stands, format-shifting and backing-up can infringe copyright. But there is no good reason why this must be so. And the Copyright and Other Intellectual Property Law Provisions Bill 2018 currently pending before the Seanad provides a golden opportunity to put things right.

The main legislation relating to copyright at Irish law is the Copyright and Related Rights Act, 2000 (also here). It is the Principal Act for the purposes of the Copyright and Other Intellectual Property Law Provisions Bill 2018. The aim of that Bill, as described in its long title is to amend the Principal Act

… to take account of certain recommendations for amendments to that Act contained in the Report of the Copyright Review Committee entitled “Modernising Copyright” published by that Committee in October 2013 and also to take account of certain exceptions to copyright permitted by Directive 2001/29/EC of the European Parliament and of the Council of 22 May 20011 on the harmonisation of certain aspects of copyright and related rights in the information society; …

Senators David Norris, Victor Boyhan, Fintan Warfield, Ivana Bacik, Kevin Humphreys, Ged Nash, and Aodhán Ó Ríordáin have proposed amendments to the Bill to permit format-shifting and backing-up. And these amendments are entirely consistent with the aims of the Bill: they propose amendments to the Principal Act to implement other recommendations in the “Modernising Copyright” Report and other exceptions permitted by the Directive. Those recommendations and exceptions relate to making copies for private use, such as format-shifting and making back-ups. The main argument in favour of such private copying exceptions is that they reflect consumers’ reasonable assumptions, basic expectations, and widespread practices. The Copyright Review Committee said as much in its “Modernising Copyright” Report. The Committee was established on 9 May 2011 by the Minister for Jobs, Enterprise and Innovation, Mr Richard Bruton (TD). After an extensive consultation process, the Committee’s Report, dated 1 October 2013, was published by the Minister on 29 October 2013. The Report contained a comprehensive draft Bill to implement its recommendations, and it was widely welcomed. Many provisions of the current Bill are based upon provisions of the Bill in the Committee’s Report. In particular, the Directive permits national law to introduce what it calls limitations and exceptions to enable user rights. Some of those are included in the Principal Act; and many more are now included in the Bill. Those included in the Bill relate to matters such as education, libraries and archives, parody, text and data mining, and persons with a disability. All of these proposals are very welcome. However, private copying exceptions for format-shifting and backing-up, where are permitted by the Directive and which were proposed by the Committee, are not included in the Bill; and their omission is very unwelcome indeed.

(more…)