The office of the Data Protection Commissioner is established under the 1988 Data Protection Act, which was passed on the 13th July 1988, and came fully into force on the 19th April, 1989. The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46.The Acts set out the general principle that individuals should be in a position to control how data relating to them is used. "Data controllers" - people or organisations holding information about individuals on computer or in structured manual files - must comply with certain standards in handling personal data, and individuals have certain rights.
The Data Protection Commissioner is responsible for upholding the rights of individuals as set out in the Acts, and enforcing the obligations upon data controllers. The Commissioner is appointed by Government and is independent in the exercise of his or her functions. The Commissioner makes an annual report to the Oireachtas, the Irish Parliament. Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter, and take whatever steps may be necessary to resolve it.
The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as Government Departments and financial institutions.
The Commissioner also has a role to play in the enforcement of Electronic Communications Data Protection and Privacy Regulations(S.I. 535 of 2003) , as amended by SI 526 of 2008. These regulations make the sending of unsolicited direct marketing messages by electronic means an offence and among other things make provision for a telephone marketing opt-out register.
In addition to his primary responsibilities, the Data Protection Commissioner also exercises functions arising from Ireland’s membership of the European Union (See "European Functions") and in relation to North/South Bodies.