Oireachtas Joint and Select Committees

Tuesday, 23 May 2017

Joint Oireachtas Committee on Finance, Public Expenditure and Reform, and Taoiseach

General Scheme of Data-Sharing and Governance Bill: Discussion (Resumed)

2:00 pm

Dr. Dennis Jennings:

I thank the joint committee for giving us the opportunity to meet it to discuss the provisions of the general scheme of the Data-Sharing and Governance Bill. I have a background in technology, computing and communications. I headed up the computing services department in University College Dublin for 22 years. I am an Internet pioneer, having made significant contributions to the development of the global Internet in the 1980s. More recently, I have been an early stage investor and non-executive director. I also serve on the Open Data Governance Board of the Department of Public Expenditure and Reform.

It is evident that the modern state requires personal information to run effectively and efficiently and support the individual citizen and resident. It is also evident that, as citizens, we expect more of State services than ever before. We expect them to be efficient, timely, cost-effective, fraud free and driven by automated processes. However, we also expect to be protected and safe when we use them. Part of this safety involves the protection of our privacy and personal data.

When I read the draft Bill last year, I was shocked and disappointed, but it stimulated me to consider the principles that should underpin a shared e-infrastructure to enable the public sector to properly serve the citizens of the State. A copy of the current version of my paper entitled, Implementing Public Service Shared e-Infrastructure: The Individual & the Irish State – The Grand Bargain, has been submitted to the committee. The paper outlines the ten principles that I believe should be adopted before the implementation of any shared State-citizen e-infrastructure is even contemplated. I would like to focus on some of the issues highlighted in my paper.

The first issue concerns identity and opting in. Little can be done to implement an appropriate shared services e-infrastructure without agreement - I stress the word "agreement" - on a unique, rigorously authenticated, biometrically and multi-factorial secured identity mechanism for each individual. Current identity mechanisms – passports, driving licences, public service cards and medical cards, for example – are all poor substitutes for what is actually required. General buy-in to the use of unique identifiers can and will be achieved by the State offering compelling value propositions – better, faster, slicker, more convenient, more accurate and more efficient services – in order that, in due course, when public confidence in the data protection provided by the systems has been established, the identification system may be made compulsory.

The State and civil society organisations representing the individual's rights to data privacy need to agree on the necessary identity approach and solutions. The current situation, in which the Department of Public Expenditure and Reform is trying to introduce 3 million public service cards using data from multiple sources under the provisions of social welfare legislation that I believe to be very old and out of date, is truly shocking and a gross breach of this principle and the trust required. In addition, we should be talking about queries and responses through data access, not data sharing. A fundamental principle to be adopted in any shared services e-infrastructure implementation is that individual personal data are never copied and shared, with consequential loss of control over access and authenticity, but are always accessed dynamically online. In addition, no general access to the underlying data may be given; rather, such access is provided so as to respond with answers to a predefined and pre-approved set of queries. The data-sharing concept underlying the Bill is fundamentally flawed.

With regard to authentication and access, to ensure confidence in the new shared services e-infrastructure, access to personal data held by the State must be restricted to the individual data subject and data owner and only to legally authorised and EU GDPR-compliant organisations and personnel. Strict multi-factorial authentication of all individuals with query access must be required. Not only must they be authorised but also authenticated to establish their true identity. The Bill, as drafted, is almost silent on the need for rigorous authorisation and authentication of every person in the public service with access to data. That is a major defect.

With regard to data logging by requestor and responder and data logging centrally, it is self-evident that access to personal data must be logged and recorded in order that audits can be undertaken and individual citizens can easily track by whom, why and when their personal data have been accessed.

It is also self-evident that all access to personal data must be logged and recorded so that audits can be undertaken and individual citizens can easily track by whom, why and when their personal data has been accessed. Both the requesting and the responding organisations' data privacy gateways, however that is implemented, must automatically log an encrypted hashed record of all queries and data requests, and the resulting responses, that access data relating to an individual. The Bill has no mention of the data access logging that is a central component of any trusted shared e-infrastructure.

There are other matters in my paper but the last one I want to highlight is a secure online portal for individuals. A vital part of any shared services e-infrastructure is the citizens’ portal, where citizens and residents can track the State services provided and the details of the use and access to their data. The Bill makes the briefest mention of a single customer view and future online authentication. That is ridiculous. Citizens' access to their own data must be an integral part of any implementation from the beginning.

This Bill needs a great deal of work. None of the issues I have outlined can be taken separately. They have to be combined to make a safe and trusted e-infrastructure. I will pass over to my colleague, Daragh O'Brien, who will talk about the governance aspects of what should be in place.
