The position is that the primary purpose of the Data Protection Acts 1988 and 2003, which transpose the Council of Europe's Data Protection Convention (1981) and the EU's Data Protection Directive (1995) into our national law, is to ensure protection of the personal data of individuals. The Acts apply to all processing of personal data, including collection, use, sharing, disclosure and storage of such data. As regards oversight and enforcement, the Acts provide that the supervisory authority (i.e. Data Protection Commissioner) shall be independent in the performance of its tasks and in the exercise of its powers.
As part of its awareness-raising activities, the Office of the Data Protection Commissioner provides guidance and advice to both individuals on the exercise of their data subject rights and to private companies and public bodies on their obligations as data controllers. In so far as public representatives are concerned, an appropriate balance must, of course, be established between the legitimate activities of public representatives when making enquiries or representations on behalf of their constituents and safeguarding the data protection rights of individuals by public bodies in receipt of such enquiries or representations. In this context, useful material in relation to the disclosure of personal data to public representatives is available on the web site of the Data Protection Commissioner (www.dataprotection.ie).