Mr. Seamus Carroll:

To go back to the first question, there is a very important safeguard in this legislation, which is that data controllers must carry out a data protection impact assessment where there is likely to be risk to the rights and freedoms of individuals. In certain cases, in the preparation of legislation in particular, public bodies and authorities must consult with the Data Protection Commissioner. In regard to the health matters mentioned by the Deputy, I understand, and perhaps the commissioner can confirm this, that consultations have already taken place with the health committee on this matter.

The corrective powers of the commission with regard to the private sector are set out in the regulation but very important corrective powers in regard to public authorities and bodies are also set out in head 61, including those bodies mentioned by the Deputy. The corrective powers are set out in paragraph (2) and include the issuing of warnings to a competent authority to issue reprimands, ordering a competent authority to comply with a data subject request, ordering a competent authority to bring processing into compliance with this part of the Act, ordering a competent authority to communicate a breach to the data subjects, imposing a restriction on processing, and ordering the suspension of data transfers to a recipient in a third country. There is quite a broad range of corrective powers which the commission will have in respect of public authorities and bodies within this Act. That is quite separate from the corrective powers which are conferred directly on the commissioner under the regulation.