How internet users will now have the right to sue companies who breach data rules
Internet users who are the victims of unscrupulous use of their online data without consent will for the first time be able to sue for compensation for emotional distress under data protection legislation.
Companies who fail in their data protection duties under new regulations will also be liable to fines of €10m, rising to €20m for more serious breaches. However, State agencies and public bodies will be exempt.
Emotional distress caused by a breach will be taken into account for damages.
"This is a new action in tort where you can sue for damage arising from a breach of data protection," a Department of Justice spokesman said.
Justice Minister Charlie Flanagan and Minister of State with special responsibility for Data Protection Pat Breen yesterday published the Data Protection Bill.
It aims to enforce the EU General Data Protection Regulation (GDPR), due to be implemented on May 25, and which regulates gathering, storing and use of personal data online.
When asked about concerns voiced by Helen Dixon, the Data Protection Commissioner, that public bodies were exempt, Mr Flanagan insisted public bodies would be compliant.
"I believe it's important in the context of public and State involvement that we lead by example," he said.
Mr Flanagan announced Ireland's Office of the Data Protection Commissioner will become a three-person body.
"Business will be required to review and update the manner in which they collect and use or store the personal data of their customers, their clients or others," he said.
The EU Commission's director general for justice and consumers has warned that "baddies" exploiting computer flaws to steal private information is not just the stuff of Hollywood movies.
Tiina Astola was in Dublin to discuss data protection and security.