Under the new Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, a data subject's rights may be restricted to the extent necessary to allow the Central Bank of Ireland (CBI) to carry out certain of its central functions.
What is the legislative basis for the Regulations?
Under section 60(6) Data Protection Act 2018 (DPA), a Minister may, following a consultation process, make regulations that restrict the obligations of controllers and rights of data subjects, where such restrictions are "necessary to safeguard important objectives of general public interest".
What types of personal data come within the scope of the Regulations?
The Regulations apply to personal data, in respect of which the CBI is the controller, processed by the CBI in pursuit of a "relevant objective". Personal data in this context also includes special categories of personal data, and 'Article 10 data'; personal data relating to criminal convictions and offences or related security measures based on Article 6(1) of the General Data Protection Regulation (GDPR), as further defined in the DPA.
What is a relevant objective of the CBI?
A relevant objective is one of a number of important objectives of general public interest, as described in paragraphs (b) to (g) or (i) to (m) of section 60(7) of the Data Protection Act 2018, and pursued by the CBI in exercising a "relevant function".
Important objectives of general public interest
Paragraphs (a) to (o) of section 60(7) of the Data Protection Act 2018 set out a non-exhaustive list of important objectives of general public interest that may necessitate the need for additional regulations, such as the Regulations. Some of those objectives set out in paragraphs (b) to (g) and (i) to (m) (and relevant to the CBI under the Regulations) include:
avoiding obstructions to any official or legal inquiry, investigation or process; preventing, detecting, investigating or prosecuting breaches of ethics for regulated professions; preventing, detecting, investigating or prosecuting breaches of the law subject to civil or administrative sanctions; identification of assets derived from criminal conduct; safeguarding the economic or financial interests of the European Union or the State; protecting the public against financial loss/ detriment due to dishonesty, malpractice or improper conduct in provision of banking, insurance, investment or other financial services; the keeping of public registers for...