Mr. Dale Sunderland:

I addressed the issue of prior consultation in my opening remarks. It is a mandatory requirement and it is in the process of the legislative measure that the mandatory consultation takes place. Therefore, we have been consulted in far from ideal circumstances, which I have mentioned and which the Department has accepted. There is a process underway now. What is important for us in the DPC is that we complete our substantive review, which we are doing as a matter of urgency on the revised text of the Bill. We hope to be in a position to provide substantive observations to the Department very shortly.

I refer to Deputy Costello's question on internal oversight of the powers of An Garda Síochána.

The DPC conducted a number of audits a number of years ago in respect of the operation of the 2011 Act. We concluded that the strict assessment criteria were deployed by centralised liaison units in each of the State agencies and, in particular, An Garda Síochána. We noted the attention given by the liaison units, when working with the investigation units on the ground, to ensure that the scope of disclosure requests were narrowed down and refined to the minimum at all times. Our audit team found that the principles of proportionality in assessing relevance were applied in all of the disclosure requests examined and, in all cases, were reviewed, signed and approved at the required level on a case-by-case basis. That was in the context of the 2011 Act. Of course, things have changed as regards the broader principles around what the Court of Justice of the EU has stated regarding retention of data. If it gives the Deputy any comfort, the DPC's assessment at the time was that the internal operations and processes within An Garda Síochána were working properly.

I welcome what departmental officials have said about the implementation of statutory instruments to regulate or to provide guidance on how this new Act should function. That will be absolutely essential. There will be a requirement for each of the bodies involved and associated with operating the Act to look again at all their procedures to ensure that, even from a first principles data protection point of view, all the necessary safeguards are implemented, and especially that principles are being adhered to.

The audit reports I referred to are summarised in our 2016 and 2017 annual reports, which we can provide to the committee if that is helpful.