Will data controllers have to bend to the almighty fada?
The Data Protection Commission (DPC) recently launched an investigation into the decision by several public and private Irish companies to refuse a request for rectification submitted by an Irish television producer. The complainant, Ciarán Ó Cofaigh, filed a complaint with the DPC against the Health Service Executive (HSE), after being informed that the síneadh fada in his name could not be input into the software of a hospital under the administration of the HSE.
Similar complaints have been filed with other Irish private companies and banks. Ó Cofaigh’s complaint has been made pursuant to Article 16 of the EU General Data Protection Regulation (GDPR), which provides data subjects with the right to rectify information about them that they believe is inaccurate or incomplete without undue delay (known as the right to rectification).
In the name of the fada
The síneadh fada is an acute accent used in the Irish language to elongate a vowel, similar to the acute accent ‘é’ in French. Its inclusion or omission can materially affect the pronunciation and the meaning of a word. For example, the Irish name Seán is different to the Irish word sean, which means ‘old’.
The argument advanced by Ó Cofaigh is that the fada is not an optional extra. Rather, it is a central and functional element of his personal data (namely, his name and address) and that his name without this accent is not his name.
Accordingly, Ó Cofaigh has argued that failure to spell his name with a fada constitutes an inaccurate recording of data.
Graham Doyle, a spokesperson for the DPC, has confirmed that the office intends to consult with other European regulators and the Irish Language Commissioner to ascertain the status of the síneadh fada under Irish law.
Recognising other accents
This issue was recently brought into focus when the National Transport Authority was criticised for failing to spell the names of Leap Card users with the síneadh fada due to technical limitations of the software. A decision has yet to be reached by the DPC on this matter; however, if the complaint is upheld, this could have significant implications for both public and private companies that process large amounts of personal data in the Irish language and, indeed, in other languages that use accents (eg circumflexes, grave accents and umlauts).
It is possible that these organisations may be requested to update their software to ensure accents such as the fada can be input and that names that are not in the English language are capable of being accurately recorded. However, the cost and time involved in upgrading the software would likely be significant.
Recording accurate data
This complaint raises interesting questions regarding the scope and application of the right to rectification, which, in practice, is not exercised as frequently as other data subject rights such as access and erasure. However, it is an important right to which companies should have regard.
While it is possible to update systems and put in place security measures to protect against personal data breaches and facilitate data subject request compliance, this serves as a reminder that it is critical at the point of collection (whether automated or manual) to ensure, to the greatest extent possible, accurate and complete recording of personal data. In the procurement process, consideration should also be given to whether new systems could potentially place an organisation in breach of the principle of accuracy under Article 5 (1) (f) of the GDPR.
In any event, in the context of a name – which is fundamental to an individual’s personal identity and individuality – every effort should be made to record all characteristics that may influence the name’s pronunciation and meaning.
By Leo Moore with Anna Ní Uiginn contributing
Leo Moore is a partner in the William Fry Technology Group, specialising in technology, data protection and intellectual property law. Anna Ní Uiginn is a solicitor in this group who advises clients on intellectual property, data protection and commercial contracts.
A version of this article originally appeared on the William Fry blog. William Fry’s website also hosts a page dedicated to GDPR as Gaeilge.
The post Will data controllers have to bend to the almighty fada? appeared first on Silicon Republic.