Patrick O'Donovan (Limerick County, Fine Gael) | Oireachtas source

This is a data sharing and governance Bill. Implicit in the Bill is a governance mechanism on the sharing of information which currently takes place without governance and the Deputy accepts that. At the very start of this Bill, it is important to say that data sharing is currently taking place in this country legitimately, which people want to take place, including at the birth of a child for instance. When a child is born, social welfare becomes aware of that child's existence and the parents can derive a social welfare payment from that. Nobody would expect that we would try to undermine that, neither should anybody expect that we would undermine a situation where a person works in seven or eight different elements of the public sector, that information on their pension entitlements should not be collated and that consent is inferred.

I stand over what I said in the Seanad which has been accurately referred to here. Public sector data sharing is taking place in this country for which there is no legal basis but which people want to continue because they want the services that derive from same. In order to make sure that we get a legal basis for that, we want to put a legal floor underneath it. In doing that, we have a data sharing governance board, which is referred to later on. That will give a statutory entitlement for people who have an issue around consent. When the data sharing agreements are being drawn up, and there will be many of them, they will have an entitlement to have their comments and referrals made.

On top of all of that, we continue to have the Data Protection Commissioner. The data sharing and governance board will be obliged under this law, if enacted, to publish the agreements in advance and to make sure that they are properly constructed and will then make reference to the Minister. What we are doing at the moment around the sharing of information for the development of public services is questionable and I acknowledge the Deputy's point on that.

We are signatories to the Tallinn Declaration and the once only principle and I recently met with a group of ordinary citizens recently. They were randomly selected by the Office of the Government Chief Information Officer and everybody universally agreed that when they are deriving public services, they feel this obligatory necessity to constantly provide the same level of information. In the once only principle, which is referred to as one of the bases for the construction of this Bill, we are giving people an opportunity, under a safe system, namely myGovID and others, through the public services card which the Deputy refers to, which is already in the Social Welfare Consolidation Act, 2005, and the Deputy will know from the debate on this in the Seanad that this Bill does not impact in any way on the Social Welfare Consolidation Act, 2005, nor can it.

Many of the services that we want to actually make sure are done, are being done already but we want to create a safe, legal mechanism for these. As I have said, one of those is the collation of pensions across the public sector. Nobody would be disagreeable to that. If a person moves from an education and training board to the Civil service and on to a semi-State company before working for a primary school, should he or she not have access to a system where all of their information can be shared? There are likely to be thousands of agreements put in place, overseen by a board which is laid out in the Bill. We have to ask ourselves if the current system is better or worse than having an independent governance board which will oversee the building, examination and implementation of all of those data sharing agreements which are currently taking place in a vacuum because there is no legal basis for it.

On consent, article 6 of the GDPR provides for consent as one of the lawful reasons for the processing of data. Other reasons include compliance with existing legal obligations. As well as that, in the Seanad we took on board Senator Higgins's suggestion on it being necessary and proportionate. I have no problem in saying here that it was a very good suggestion and it has now been incorporated into the Bill. The construct of what we are trying to do will be the thrust of these amendments. Do we want a safe mechanism for the collation of data for public services or do we not? It is currently taking place. Do we want an independent governance board that will oversee it? Do we want the public to have a right to have an involvement in the drawing up of agreements that will be put in place, have a public consultation and have those consultations published?

We do not have any of that at the moment. We have an ad hocsystem which is not legally sound. A pensioner or a social welfare recipient such as the mother of a newborn child, should have access to the once only principle. It is only right and fair that a person who deals with the Government of Ireland has access to the once only principle when he or she engages with the Government on services that are governed by an independent governance board, set out in an agreement that is put in place after protracted public consultation. It is perfectly reasonable also that the Data Protection Commissioner will oversee the implementation of same.