Michael D'Arcy (Wexford, Fine Gael) | Oireachtas source

I thank the Chairman and members for the invitation to attend. As the committee will be aware, the Data Protection Act was enacted on 25 May 2018. On foot of that Act, it is necessary to make updated regulations under section 60 to provide for certain restrictions on obligations of controllers and rights of data subjects for important objectives of general public interest in respect of the work of the Central Bank of Ireland. Similar restrictions that the Central Bank relies on are in place under the Data Protection Act 1988 (Section 5(1)(d)) (Specifications) Regulations 1993 and, on foot of the resolution sought, they will be replaced by the draft regulations before the committee.

The proposed regulations restrict, in limited circumstances, the rights and obligations provided for in specific provisions of the general data protection regulation, GDPR. These restrictions apply only where necessary and proportionate to the need to safeguard specified important objectives of general public interest pursued by the Central Bank of Ireland "relevant objectives" set out in the regulations.

These relevant objectives include, for example, regulating financial service providers and markets, protecting the best interests of consumers of financial services, supervising or enforcing compliance with financial services legislation, carrying out monetary policy functions, and contributing to the stability of the financial system.

The regulations provide the bank with the necessary powers to protect the public against harm arising from dishonesty, malpractice, breaches of ethics or other improper conduct by, or the unfitness or incompetence of, persons currently or previously authorised to work in the financial services industry.

To give a very real life example, these regulations are vital to allow the Central Bank of Ireland to investigate whether individuals in regulated financial services providers have committed wrongdoing to customers, and to record where they have found breaches by individuals so they can be prevented from taking on similar roles in the future. In accordance with the provisions of the 2018 Act, the Department consulted extensively with the Data Protection Commission and the Minister for Justice and Equality throughout the drafting process in order to assess the necessity and proportionality of the measure, and to ensure compliance of the proposed measure with EU law on data protection. This consultation involved a cross-functional liaison group led by officials from the Department of Finance and consisting of officials from the Department of Justice and Equality, the Data Protection Commission, the Office of the Parliamentary Counsel, and the Central Bank of Ireland.

Following that consultative process the Data Protection Commissioner wrote to the Minister for Finance to confirm that pursuant to Section 60 (11) of the 2018 Act, the commission has identified no matter which is of significant concern in relation to the proposed regulations. The Minister for Justice and Equality has also acknowledged his agreement with the proposed regulations. Section 6(5)(a) of the Act provides regulations may be made only if a draft of proposed regulations is laid before each House of the Oireachtas and a resolution approving the draft has been passed by each House. I thank the Chairman for the time of the committee here today.