View profile

"careful consideration" | The Cat Herder, Volume 3, Issue 41

Bank Holiday edition. Do Bank Holidays have any meaning any more? This week it's mostly the sadly all
October 26 · Issue #105 · View online
The Cat Herder
Bank Holiday edition. Do Bank Holidays have any meaning any more? This week it’s mostly the sadly all-too-familiar spectacle of the Irish state painting itself into ever more surreal corners in an attempt to avoid acknowledging that it has to obey the law.

Ian Brown
I’m really not sure giving ⁦@NHSCOVID19app⁩ users the terrifying notification below, then the “all clear” above seconds later, does much for their confidence in the process ☹️ (This even happened once while I was giving a talk!)
Principals in affected schools were told that the app was not needed as “individualised risk assessment” would be carried out in the event of any confirmed cases of the virus popping up.
Teachers in schools with positive Covid-19 cases asked by HSE to turn off contact tracing app while in work
A few observations on yet another attempt by the state to continue its policy of abuse by bureaucracy and the exercise of information-based power. Yes, it’s the Commission of Investigation (Mother and Baby Homes and certain related Matters) Records, and another Matter, Bill 2020.
Firstly for the Department of Children and Youth Affairs.
Sending your minister into the houses of the Oireachtas to mention consultation with the Data Protection Commission without clarifying that said consultation appears to have consisted of the DPC saying “I wouldn’t do that if I were you” is not a winning short, medium or long term strategy.
You can’t take some bits of personal data, in one format held by one entity, and say the GDPR applies to them while claiming it doesn’t apply to the underlying records and all the rest of the personal data held by your department. Individuals’ rights follow the data, wherever it goes and in whatever format it is held.
Article 23 of the GDPR allows some restriction of rights in very particular circumstances and with conditions which must be met. Reading the entire Article is always a good place to start.
Similarly, the Irish Times could have read the legislation which purports to “seal” records for thirty years before writing a condescending explainer which mistakes state policy for law. (Top tip: go to the print version of the Act and use Ctrl-F to search for the word “seal”).
Dismissing the rights found in the Charter of Fundamental Rights of the European Union and the General Data Protection Regulation with a sentence beginning “Some lawyers say …” is possibly something that should have been caught by a sub-editor with knowledge of the area before it was published.
If the Taoiseach has tweeted a link to your flawed ‘explainer’ of an extraordinarily contentious issue and described it as “Excellent journalism”, if government TDs are using it as a talking point and in replies to emails from their constituents perhaps that should prompt some editorial reflection on a number of issues.
Katherine O'Donnell
This article will make a good example for my class on epistemology (how knowledge is created). The omissions, errors, unsupported assertions & framing of the narrative can allow for examination of the ways in which the powerful take control of what can be known #UnsealTheArchive
For the government in general.
When you’ve forced a piece of legislation through the houses of the Oireachtas after manufacturing an artificial deadline, while refusing to consider any opposition amendments, offering up increasingly incoherent arguments during the progress of the Bill and hiding behind privilege to attempt to smear survivors’ groups and their advocates, only to be told by the independent Supervisory Authority that the envisaged outcomes will be in breach of European law and then to be rebuked by the President as he signs the Bill into law then it’s apparent you’ve done something very wrong.
The Prison Service should perhaps familiarise itself with the powers of the independent Supervisory Authority before issuing peculiar statements such as this.
In response to questions on the matter, the IPS has denied that Ms Dixon’s notification is a ruling or that the process carried out by the DPC over the last 18 months was an “investigation”.
Prison security systems violate data law, DPC rules
It definitely could.
It definitely could.
Highly unusual ransom case underway here in Finland: a private psychotherapy clinic was hacked, and the therapist notes for maybe even 40,000 patients were stolen. Now the attacker has emailed the victims, asking each for 200 € ransom in Bitcoin. #vastaamo
The DPC announced it has opened two statutory inquiries into “Facebook’s processing of children’s data on Instagram”.
The Lithuanian DPA fined Vilnius City Municipality Administration €15,000 for improperly processing the personal data of the parents of an adopted child.
The Hellenic DPA issued two fines to politicians, one for €2,000 for unsolicited political communication by email and one for €1,000 for unsolicited political communication by SMS.

  • “The Government has not explained why denying individuals who were subjected to forced family separation access to their own transcripts of evidence and personal and family records is a necessary and proportionate measure to safeguard the effective operation of this or any Commission or the future cooperation of witnesses. Surely, such a blanket denial of access to personal data does the opposite: it undermines the purpose of this Commission, which was to respond to complaints of unlawful interference with private and family life, denial of personal and family identity, and denial of information about loved ones who are disappeared or deceased.” Dr Maeve O'Rourke: Here’s a full analysis of the problems with the Government’s Mother and Baby Homes Bill’
  • “It would be a perverse legacy for the government to legislate to deprive people of data they so sorely wish to access about themselves and open Ireland up to the risk of fines on foot of enforcement by the European Commission in order to do so.” From ‘Mother and Baby Home Commission records: An EU Law Perspective’ by Simon McGarr.
  • “Because I cover the app space thoroughly, I’ve learned to be skeptical of everything I download on my phone—but for some reasons, I was still shocked to see, with my own two eyes, multiple ad networks getting their hands on my very personal data—including my specific prescriptions. As I dug deeper, what became even more shocking was that this wasn’t only 100 percent legal, it was 100 percent legal because it exploited very obvious loopholes in government regulation—and the internet itself.” From GoodRx Shares My Prescriptions With Third Parties—and It’s Perfectly Legal’ by Shoshana Wodinsky in Gizmodo. It’s important to note that this may be perfectly legal in the US but it is not perfectly legal in the EU. Though that doesn’t mean it isn’t happening.

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland