Saturday 17 August 2019

'Hair dye' story among 'colourful myths' about GDPR laws

A hairdresser refused to tell a woman the brand of hair dye she used on her due to GDPR concerns, it has emerged. Stock picture
A hairdresser refused to tell a woman the brand of hair dye she used on her due to GDPR concerns, it has emerged. Stock picture

Markus Krug

A hairdresser refused to tell a woman the brand of hair dye she used on her due to GDPR concerns, it has emerged.

In a blog, the Office of the Data Protection Commissioner (DPC) cited this as one of the more "colourful myths" when it comes to General Data Protection Reguation (GDPR).

The DPC's office - which handles complaints and queries relating to GDPR from the public and organisations - says a woman contacted them claiming "data protection prevents my hairdresser from telling me what hair dye has been used".

The customer wanted to know which exact colour and brand of hair dye was used before moving to a new hairdresser. She claimed her existing hairdresser refused to give her the details, citing concerns over data protection.

The DPC stressed "that not every request for information is an access request for personal data under the GDPR, especially where the customer clearly didn't intend to or indicate that they wanted to make such a request."

Similar myths around data protection include a management company being denied confirmation about a potential fire in one of their apartment blocks by the fire brigade, and a case of paramedics being denied the medical history of an unconscious patient over GDPR concerns.

The DPC argued that in both cases there would not have been any legitimate concerns over data protection.

The confirmation of an event does not include personal data at all, and "the vital interests of the patient" in the other case would have outweighed the protection of personal data.

When it comes to the overall changes since the introduction of GDPR, a number of trends are emerging. Most of the complaints made to the DPC related to retail banks, telecommunications companies and internet platforms.

Personal data, unauthorised disclosures and direct marketing are among the type of complaints made by members of the public. Since the introduction of GDPR laws on May 25 last year, the DPC has received 6,051 complaints.

Irish Independent

Editor's Choice

Also in Irish News