Donnchadh Ó Laoghaire (Cork South Central, Sinn Fein) | Oireachtas source

We will be supporting the amendment in the name of Deputies Daly and Wallace. Like Deputy Daly, I will make some points to which I will refer after the fact rather than repeat in respect of various amendments because they apply to a number of them.

One of the primary criticisms of this Bill is the length of it and the extent of the exemptions and the scope for regulation. In a general sense, the principles of the GDPR are quite strong and represent progress in terms of data protection in Europe, although I am sure the general public is sick and tired of the GDPR, emails and so on.

This legislation has been the subject of significant criticism for a number of reasons. At the outset, the Minister said that the GDPR generally has direct effect and that it would create problems where the Irish legislation will come into conflict with it. I would say that the legislation as currently drafted and very likely some of the Minister's amendments are in conflict with the GDPR and there will be contradictions at the behest of the Government between the GDPR and the Data Protection Bill. This will result in litigation, which is very problematic in itself because it will create a lack of certainty regarding data protection.

However, I would also be very concerned about the very substantial and wide discretion the Minister is being allowed in the creation of regulations. That is the reason we put forward and had amendments passed in the Seanad about seeking impact assessments of the proposed processing of special categories of personal data. I recognise that some progress was made regarding the qualification that it be necessary and proportionate as opposed to simply being necessary, which was the previous provision. That is a step forward but the potential categories of exemptions are still very wide and allow the Minister too much discretion.

I made the point on Second Stage that the Bill uses the term "public interest" in excess of 20 times but there is no definition of public interest. There is a definition in the GDPR. Article 9.2(g) states that the public interest should "respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject." The fact that this area is not defined in this Bill is a problem, particularly where the public interest is referred to so many times as the basis for exceptions and scope for regulation.

In a general sense I have a problem with the Bill's approach that something "shall be lawful, except where...", whereas in the GDPR the approach is that something "shall not be lawful, except where..." The presumption is in the opposite direction. I have concerns about numerous sections. I am likely to oppose sections 37, 45 and 57 on these and other bases.

I will try not to repeat those points. I thought it would be useful at the outset to outline the basis for that. Safeguards, such as the proposed positive resolution by the Houses of the Oireachtas, are important to safeguard people's data protection rights, and to reduce the impact of the numerous exceptions and substantial discretion the legislation gives the Minister.