Clare Daly (Dublin Fingal, Independent) | Oireachtas source

I am not sure I am very clear as a result of that reply. People would obviously understand the issue of consent in regard to Revenue matters because the public understands there is an overriding public interest as to why people should pay their taxes. The sharing of information in that regard is broadly understood. However, the health database does not have a legislative base. Mr. Carroll mentioned health legislation being developed separately. The database is actually under construction and the sharing of information is already under way, but most people not only do not understand why there is a public interest, but do not even know that their information is being shared in this way. Basically, every single aspect of a person's identity from a health point of view is being put together in one database, where their identity is being signed off. I am not sure that would meet the bar on transparency that is required in this instance. In that sense, I wonder, given that we are on the cusp of such an important project, why a body of work which could contradict that is going on simultaneously. Maybe it is outside the scope of the Department of Justice and Equality because other Departments are running it.

Mr. Carroll said that head 40 states that the competent authorities must adopt and implement appropriate technical and organisational measures to ensure they demonstrate compliance with the standards. It has obviously been a matter of considerable public debate, given the issues about gardaí accessing PULSE records to check up on ex-girlfriends, the cases of giving information to the Department of Social Protection and all the rest, and even my own case with the Garda. In light of such issues, head 23 makes provision for administrative fines in a limited way but it does not really deal with those situations because the bodies will only be subject to them if they are providing goods and services in the same market as private companies. Do we need to beef that up? There does not seem to be any real sanction in the Bill other than a limited one of administrative fines for public bodies, which is not much of a deterrent in terms of breaches.