Alan Shatter wins appeal over alleged Mick Wallace data breach

Data Protection Commissioner criticised ex-minister, who claimed he never processed information

Former minister for justice Alan Shatter has won his appeal over a finding that his disclosure on live TV of information concerning Independents4Change TD Mick Wallace was a breach of his duties under the Data Protection Act. Photograph: Cyril Byrne/The Irish Times.
Former minister for justice Alan Shatter has won his appeal over a finding that his disclosure on live TV of information concerning Independents4Change TD Mick Wallace was a breach of his duties under the Data Protection Act. Photograph: Cyril Byrne/The Irish Times.

Former Justice Minister Alan Shatter has won his appeal over the Data Protection Commissioner’s finding his live TV disclosure of information about Independent TD Mick Wallace breached his statutory duties under the Data Protection Acts.

Mr Shatter had denied his reference during an RTÉ Prime Time interview in May 2013 to Mr Wallace being allegedly cautioned by gardaí over allegedly using a mobile phone while driving amounted to disclosure of personal data of Mr Wallace.

He argued he never had, or saw, any written record of the information verbally communicated to him during a conversation with then Garda Commissioner Martin Callanan and what he had said did not amount to “processing” it.

He appealed over the Circuit Civil Court’s dismissal of his challenge to then Data Protection Commissioner (DPC) Billy Hawkes’ May 2014 decision the disclosure breached his statutory duties under the data protection acts.

READ SOME MORE

Mr Wallace had complained to the DPC after the Prime Time interview. He has separate civil proceedings against the Minster for Justice, and against Mr Shatter personally, over the matter which have yet to be heard.

In his judgment on Thursday, Mr Justice Charles Meenan allowed the appeal after finding a series of errors in the DPC’s application of the acts to the circumstances of Mr Shatter’s case.

The judge found the information - contained in an internal Garda email shown to the Data Commissioner but not provided to Mr Shatter - was not “manual” or “automated” data, and Mr Shatter was not a “data controller” or joint data controller, within the meaning of the Acts.

He upheld claims by Mr Shatter the DPC had prejudged the issue as to whether the information was personal data of Mr Wallace’s and had acted in breach of Mr Shatter’s right to fair procedures in the manner in which he reached his May 2014 decision.

Statements made by the Data Commissioner in correspondence and to the national media cannot be seen as anything other than prejudgment of a central issue in Mr Wallace’s complaint, he said.

The DPC, in a public statement broadcast on RTÉ on May 20th 2013, had said the “key issue” was that the “personal data” of Mr Wallace was disclosed by Mr Shatter and it was for Mr Shatter to justify the basis for that, he said.

Because Mr Shatter had continued to participate in the DPC’s investigation, and had not applied for him to withdraw for that, he could not rely on the prejudgment ground alone to succeed.

Mr Shatter however was entitled to succeed on the basis there was a “fundamental flaw” in the procedures followed by the Data Commissioner in considering the complaint.

Mr Shatter was never shown the internal Garda email central to the matter, he said.

While the DPC’s draft decision on the complaint had referred to a “written record” of the information held by the Garda Síochána, it only emerged on May 6th 2014, the date of the DPC’s final decision upholding the complaint, the written note was in fact an email dated January 11th 2013.

All Mr Shatter knew about this email was that it was “internal to An Garda Síochána”, the judge said.

The DPC wrongly interpreted certain provisions of the Acts in arriving at his decision, he ruled. A starting point was whether an email internal to the Garda, shown to the Data Commissioner but not handed over to Mr Shatter, was “data” as defined in the Acts.

The Acts define data as automated and manual data, he noted. Manual information was information recorded as part of a relevant filing system, or intended to form part of a relevant filing system. Automated data was information processed by equipment operating automatically in response to instructions given for that purpose or with the intention it should be so processed.

There was no evidence the email met the definitions of either manual or automated data and the DPC decision in fact stated the email was not recorded on the Garda Pulse system, the judge said.

The DPC also erred in finding Mr Shatter was a data “controller” in circumstances where it appeared Mr Shatter was unaware of the nature of the data information at issue, he held.

Earlier, he ruled the Circuit Court erred in finding Mr Shatter did not have legal standing to appeal. It could hardly be disputed, in pursuing this appeal, Mr Shatter was seeking to reverse potential damage to his good name and reputation arising from the Data Commissioner’s decision.

Mary Carolan

Mary Carolan

Mary Carolan is the Legal Affairs Correspondent of the Irish Times