The GDPR and Section 117 of the Data Protection Act 2018 consider that a person can bring a claim in their own right, use legal representation, or by a non-profit association.

In many countries a “class action” would be the normal means by which people’s claims would be processed. While Irish Law does not at present recognise the existence of a class action, this is due to change with the EU Directive on Representative Actions. Ireland has until 25 December 2022 to transpose the Directive, with a further six months to apply it, meaning that widespread collective redress procedures should be available no later than 25 June 2023. Irish Legislation will be needed to implement this directive, and we would suggest that such legislation should be considered by the Government as a set of broad actions to make good the events from the HSE data breach.

At O’Dowd Solicitors we are passionate about privacy and data protection. Our litigation department has taken an active interest in the fallout from the HSE Data Breach. For a month subsequent to the data breach we held our hand with regard to actively advising people they should consider issuing proceedings against the HSE. In that space of time we have written numerous letters to the Minister for Heath, and many other stakeholders. We have not got any response. At this point we strongly feel that the HSE will not assist those affected by the data breach unless it is proactively demanded.