Alan Shatter (Dublin South, Fine Gael) | Oireachtas source

I move amendment No. 27:

In page 125, between lines 17 and 18, to insert the following:

“ ‘data controller’ has the meaning it has in section 1(1) of the Data Protection Act 1988;”.

In addition to the data protection provisions introduced in Chapter 4, these amendments to the Criminal Justice (Mutual Assistance) Act 2008 provide for the data protection requirements as set out in article 30 of the Prum Council decision insofar as that article applies to article 7 data. Article 30 of the Prum decision requires member states to record the supply and receipt of non-automated data, namely, data which is supplied or received pursuant to a request under article 7 of Prum. Article 7 requires member states to obtain a DNA profile where that profile is not otherwise available. In Ireland, the obligation to record the data in accordance with article 30 will be a function of the central authority under the Mutual Assistance Act.
Amendment No. 31 introduces a new section 79C to the Mutual Assistance Act. In addition to specifying what information should be recorded by the central authority, the new section also sets out the purpose for which the recorded information is kept as well as the length of time for which such records must be retained. In regard to the former, the keeping of the records is for the purpose of monitoring data protection and ensuring data security and the central authority shall, when requested, make the records available to the Data Protection Commissioner.In addition, the central authority will be required to use the records created to carry out random checks for the purpose of reviewing the lawfulness of the supply and receipt of data – comparable to an internal audit.
As for the destruction of the records, the provision requires that the records must be destroyed after two years, whereas the results of the random checks must be destroyed after 18 months. Finally, subsection (7) of the new section ensures that any information supplied or received by a data controller, which could be the Garda Commissioner, Forensic Science Laboratory or the DPP, relating to a request pursuant to article 7 must be notified to the central authority for the purpose of maintaining the records under this section. It is not envisaged that this would arise regularly but there are provisions in the Mutual Assistance Act which permit, in urgent cases, direct communication between, for instance, the DPP and another state.
Amendment No. 27 defines "data controller" by reference to the Data Protection Acts and is consequent to amendment No. 31. Amendment No. 32 amends section 107 of the Mutual Assistance Act. That section confirms the application of the Data Protection Acts 1988 and 2003 to mutual assistance. That section will now be amended to confirm that the modifications to the Data Protection Acts introduced in Chapter 4 of this Bill, and which I have already spoken to, apply to requests pursuant to article 7 of the Prum Council decision.