Skip to main content

Academic Integrity: Data Protection

Ethics in Using Information

What is Data Protection?

"Data protection is about your fundamental right to privacy" (Data Protection Commissioner).

Individuals have a right to privacy and this means that access to personal data about living individuals must be regulated.

The Law

Data Protection Act 1988 Revised Act updated to 7 April 2017

The office of the Data Protection Commissioner was established under the 1988 Act. The commissioner upholds the rights of individuals.

"Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter and take whatever steps may be necessary to resolve it."

European Legislation

ePrivacy Directive 2002/58/EC 

Directive 2006/24/EC (Amendment)

Directive 2009/136/EC (Amendment)

Directives above deal with Data Protection for phone, email, SMS and Internet.

EU Directive was brought into force in Ireland by ePrivacy Regulations 2011   

(SI 336 of 2011)

General Data Protection Regulation (GDPR) 2016/679

"...the most important change in data privacy regulation in 20yrs..."

Coming into force 24 May 2018 (applies from 25 May)

See main provisions.

Final Version of Regulation 2016/679

Primary Data

What is it?

Data you measure, collect or record, for your research using methods like interviews, surveys or focus groups.

You are required to obtain explicit consent from your data subjects to use this data in your research as well as for any future research in any related field.

Secondary Data

What is it?

Data already measured, recorded or collected by someone else such as census information or information from journals.

If you are using this data, you must make sure that you can use it for your specific purpose.

Sensitive Information

Sensitive data is normally personal information about a living person. This information can be concerning their health, race, religion etc. How sensitive the information is can often depend on the context.  The main issue is making sure that the person isn't identifiable. If you refer to a 92 year old man in a small town, it is likely that everyone will know who he is.  You must take steps to ensure that the information is secure as it is no defence to say that it was an accident. See the Lindqvist case (2003)

Storage & Retention

  • Keep it only for specific purpose
  • Keep it safe & secure
  • Keep it only as long as needed
  • Easily accessible as the person concerned has a right to see what you have in relation to them
  • Information is confidential so anonymise if using it

Exporting Data & Cloud Computing

Different laws apply in different jurisdictions.  Some countries do not protect data as stringently as others so you must be careful if exporting it.  Consent of the data subject is required prior to data export. Where is your data stored?

EU Law governs export within the European Union and the European Economic Area (EU + Norway, Iceland, Liechtenstein) 

Outside the European Economic Area - you must be careful.

The United States is governed by the EU-US Privacy Shield.