Oireachtas Joint and Select Committees

Wednesday, 9 October 2013

Joint Oireachtas Committee on Justice, Defence and Equality

Data Protection Package: Discussion with the Office of the Data Protection Commissioner

9:55 am

Mr. Billy Hawkes:

On the issue of international transfer of personal data, the EU asserts that it has stronger data protection than any other region of the world. Arising from that, it asserts the right to insist that when the data of European citizens is transferred outside the EU it should continue to be protected. Various mechanisms are provided in both the existing law and the planned law to provide for that. There is a balance to be struck in this area because, again, in the Internet world in which we operate our data tends to flow all around the place. At one moment it could be in a data centre in Ireland but ten seconds later it could be in a data centre in Japan or the US.

This issue has come very much to the fore regarding the issue Deputy Seán Kenny raised, because in recognition of the significant economic relationship between the EU and the US, a special deal was done when the original data protection directive entered into force, called safe harbour. This provides that the EU will recognise that data transferred to the US is adequately protected if the company concerned signs up to the safe harbour principles, which are essentially EU data protection principles. By doing that they bring themselves under the jurisdiction of the US Federal Trade Commission, which has very strong enforcement powers and has taken enforcement action against a number of major companies because, inter alia, they have not complied with the obligations they signed up to under safe harbour.

From an Irish perspective we recognise particularly the number of US multinationals we have here and the importance to their business that there be a free flow of data between their Irish subsidiaries and US headquarters, balanced against the rights of Irish and European citizens to insist that their data be protected. From our experience the majority of companies take their responsibilities under safe harbour very seriously. Signing up to safe harbour involves a careful examination of a company's data protection practices across its different activities and subsidiaries. For those companies that treat it seriously it is a demanding issue for them. In general we find the US multinationals we deal with have a very strong approach to compliance and their obligations under safe harbour.

Whereas there is pressure on the safe harbour system because of the fact of access by US intelligence and law enforcement to some data, there is the opposite economic argument in terms of free flow of data. The new regulation tries to maintain this balance between the need to protect the rights of European citizens when data goes outside the country - various mechanisms are proposed for that which are very similar to the existing mechanisms - and recognising that in the Internet-driven world data must flow for commercial reasons.

The two other questions related to the rights of trade union members. They are very valid points. European data protection law gives workers rights in the workplace. We are regularly involved in vindicating those rights, including in the specific areas the Deputy mentioned, particularly GPS tracking. Our website provides guidance that GPS tracking is for tracking vehicles, not individuals. In the workplace one continues to have rights under European law, so in the case of social media use, for example, it is important that workers know exactly what the limits are, whether they are not allowed to use social media and the extent of those limits.

The Deputy mentioned profiling, which the new regulation addresses specifically. There is a need to be careful about the profiling of individuals to avoid putting people into boxes where they may not belong.