James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The purpose of today's meeting is engagement with our colleagues who our representing the European Parliament Committee on Civil Liberties, Justice and Home Affairs, LIBE, with a focus on the topic of general data protection regulation, GDPR, enforcement. This is a topic of great interest to the committee as well. Our visiting colleagues may or may not be aware we have produced our own reports on this topic recently and we have been quite strong on it. There is certainly significant interest in it across the committee collectively and also its various members, so we are very glad to welcome our guests for an exchange of views I look forward to. I wish visiting committee members well in their work. I understand they have a number of visits in Dublin and Ireland. Godspeed to our visitors because these are all important visits and I wish them well in their task. I note some of the work they have already done and the findings they have already made. Regrettably, I find myself supporting it/ I wish it were otherwise, but change needs to happen and something has to give. This committee, together with the committee of the Parliament, can keep that pressure on and ensure things are as they should be.

Before we begin the engagement there is a little housekeeping. Members will be aware of this but for our guests should know there is a long-standing parliamentary practice that they should not criticise or make charges against any person or entity by name or in such a way as to make that person or entity identifiable, or otherwise engage in any speech that might be regarded as damaging to the good name of the person or entity. If their statements are potentially defamatory in relation to an identifiable person or organisation, they will be directed by me to discontinue their remarks. Again, this is just housekeeping. I am sure Members of the European Parliament will be familiar with similar rules.

There is another point that may be relevant today. It is a standard note but there is some litigation ongoing on some of these issues.

Member and visitors should avoid commenting on any matters that are the subject of current legal proceedings. Matters that are going through the courts or that are under appeal are sub judiceso I ask that speakers refrain from comment on any such matters.

I am pleased to welcome today's delegation. I welcome: Ms Maite Pagazaurtundúa, an MEP from Spain; Ms Birgit Sippel from Germany; Mr. Paul Tang, from the Netherlands and Ms Gwendoline Delbos-Corfield, who has just popped out for a minute. That is fine. We do not lock the doors here. Our next guest will be more familiar to us because she is a former Member of these Houses, namely, Ms Clare Daly. All our guests are very welcome. Ms Daly was with us before for a previous session. To make a general point, these sessions are very useful and we should have more of them. They give us an opportunity to engage with our European colleagues across parliaments. I understand the MEPs' visit to Ireland is focused on the enforcement of the GDPR. At this meeting, we will focus on our report of 21 July, which I have mentioned, in which we did our own deep dive into the issue.

We have about an hour in this slot. The MEPs have a busy agenda and have back-to-back meetings all day, so they are under a little bit of pressure. We have put in about an hour for this engagement. I know there is a desire on both sides to network, share stories and have some private informal discussion. We have arranged some tea and coffee. I propose to hold a formal 40-minute engagement and exchange in here. At that point, the meeting proper will conclude and we will continue our chats outside over a cup of coffee. Perhaps that will allow for a deepening of the relationships we are building today. Is that agreeable as a format? It is.

Ms Pagazaurtundúa is leading the delegation. Perhaps she would like to make some opening remarks. If she wishes to make her opening remarks on behalf of the delegation, we can then go around the table on her side. As the leader, Ms Pagazaurtundúa may take as long as she wishes and we will then take a couple of minutes across the table. We will then invite the members of the committee to come in. We will aim to conclude at 11.45 a.m. and then take some coffee outside. I remind everyone that earphones are available if they need translation.

Ms Maite Pagazaurtund?a:

I will continue in Spanish but first, dia daoibh. Thank you for accepting our invitation. Our mission in Dublin has two fundamental issues: the application of the GDPR in Ireland and the implementation of the provisions of the GDPR in Irish law. I must tell the committee, on behalf of our team, our group and the Members of the European Parliament, that we read with great interest the report produced by your committee last year. We are pleased that its recommendations focus on issues for the improvement of the implementation of the system. All of us, both the committee and ourselves, have the common goal of ensuring the efficient and effective implementation of the provisions on personal data protection throughout the European Union, and so we echo and thank the committee for its work. Action is needed to give citizens across Europe confidence that their data is handled securely and lawfully in order to restore Ireland's reputation as a leader in implementing this very important regulation. Without further ado, I thank the committee for its work and pass the floor to the honourable Members.

Ms Birgit Sippel:

I thank the committee for giving us the opportunity to appear before it. Looking into the report, I am quite convinced the members know how important Ireland's role is in the enforcement of the GDPR. I underline once again that, in enforcing the GDRP, we are also ensuring other fundamental rights and freedoms such as freedom of expression, freedom of assembly and the protection of private and family life. It is really important. I imagine that, while members may not agree with all of our criticisms of the Irish Data Protection Commission, DPC, they may be concerned about them because they do not paint a good picture of the situation in Ireland. In addition to the commission's report, I would like to hear about the next steps being taken to improve the system and to improve the image of the DPC. I would like to ask two specific questions. One refers to having two additional commissioners. What will their expertise be? Will they work on the same level as the current commissioner or will there be a kind of hierarchy? Do members believe it would be helpful to have an independent investigation that could lead to one of two different views, either that everything is fine or that there are identified concrete gaps? If they think about it, do members already have an idea who could carry out such an investigation?

Mr. Paul Tang:

It is good to be here. I have spent my week in Ireland first discussing taxation and now data protection and privacy. In all honesty, I came here with the idea that it was important to look at the Irish supervisor, the Data Protection Commission, because that is very much an interest of Europe. However, having had discussions with some of the big technology companies yesterday and today, I now realise that it is also very much in Ireland's interest to have very good supervisors because the reason these companies come here is not really taxation. In our discussions, it came up that taxation is just one of many factors. The fact that a constellation of services is provided in Ireland, although mainly in Dublin, including direct contact with a very good supervisor is one of the reasons these firms invest in Ireland. However, that means we want to have good European supervision. As Ms Sippel has explained, data protection and privacy are human rights so this is a European interest but I have learned that it is also in Ireland's interest to have a very good supervisor.

Ms Gwendoline Delbos-Corfield:

I am from the Green group. I thank the committee for meeting us. I will reiterate that, for us, this is not a technical or theoretical discussion. It is about citizens' rights and our data, the data of plenty of people that can be used in a dangerous way. It seems that it is not a matter of much political debate in Ireland but it is in most of our countries. When there are data leaks from one of the big technology companies in Ireland, it concerns a lot of people. They get frightened about a number of their rights because the data then becomes available. That is why we in the Parliament believe this mission to be very important and why we wanted to work on this matter.

Indeed, Ireland is in a particularly ambiguous situation where you have these big tech companies on your soil, which means the Data Protection Commission, DPC, has more responsibility than other data protection authorities. It also means that the data protection authorities will, from time to time, turn to the DPC to ask what it is doing about a particular issue or why it has not acted on it. I think that it is also interesting for the European Parliament to enter into a discussion or conversation with the Irish political world about what competences should remain at member state level, what Ireland feels is sometimes too much of a burden and how we can work on it. With the Digital Services Act and the Digital Markets Act, some competences have gone to the European level. I think this is something we can continue to develop, because there are still things that we can invent, create and work on. The European Parliament is not very happy with the DPC. The last time we invited representatives of the DPC to the LIBE committee, they did not attend. Our relationship with the Data Protection Commissioner, Ms Helen Dixon, is not always easy. Perhaps the committee can help to create a better climate for us to work with the Irish DPC. These are areas on which we should really try to work together, and not in opposition.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I call Ms Daly.

Ms Clare Daly:

We have a hierarchy and I am the attending Member, so I have to go last. It is nice to be back and it is good to see everyone again. I wish to raise a few issues. First, as far as I am concerned, the Oireachtas Committee on Justice is in many ways uniquely placed to play a constructive role in dealing with the problems that are at the heart of our data supervisory situation - not just in Ireland, but across Europe. I think that perhaps the way the narrative has developed is that it is an Irish problem. I do not see that as being the case. In some ways, actually, the report published by the committee feeds into that narrative. However, having said that, I think the committee could still play a very valuable role in dealing with what the actual problems are. Yesterday we discussed the fact that some of the problems with the system are caused by the Irish legislation. It is an issue that we will also discuss with the Data Protection Commissioner, Ms Dixon, later on. Many of the demands set out in the report by the committee were addressed to the DPC. To my mind, they would be better addressed to the Government. For example, the committee recommended that the DPC should clarify its definitions of cases being concluded or resolved, but it did not deal with the fact that the DPC did not make up that informal process. The informal process is provided for in the legislation. The threshold at which the DPC, in another member state, issues a decision is far lower. When the committee is comparing cases with other cases, it is comparing apples and bicycles.

Moreover, in the report the committee stated that Ireland had issued decisions in four out of 196 cases since 2018. That is not actually an accurate figure. The European Data Protection Board, EDPB, internal marker information, IMI, system figures are based on group cases. The figure could refer to 900 cases. Each case could comprise one, 15 or ten cases. We are being unfair in those comparisons. I think that is very important. We are painting a particular narrative. It might explain why the Irish DPC is a bit defensive. We are saying it is way behind in its work. Actually, in a majority of its cases, it does not issue decisions. It resolves the case and the matter is concluded, but it is not referred to as issuing a decision. The committee used Spain as a comparison in its report, which is not fair. The Spanish legislation allows its data protection authority to make decisions and impose financial penalties at a much lower level. The committee called for the DPC to enforce its powers of sanction, but again, the legislation does not provide the DPC with the power to impose fines directly in individual cases. I want to highlight those issues. Having said that, I believe there are issues to be addressed, but they need to be addressed by the Government. I am wondering, in that context, if the committee has had any dialogue with the Minister and the Department, or the DPC itself about weaknesses in the legislation. I think the legislation may not even be compatible with EU law. I am not sure. The reason why I know and am hung up about it is that when the legislation was being passed, Mick Wallace and I moved amendments to ensure a decision was issued in each case but they were voted down by others. We are in this situation. I am not sure that issuing a decision in every case is the best approach. It could clog up the system because Ireland is getting far more cases. If the cases are being sent cross-border, it could clog up the system. I think the committee is in the best place to discuss these issues. Some of the emphasis around the problems lies beyond the DPC. They are very much legislative issues that we need to address, which is why it is great for us to be able to come in here and look at it. It is great to be here on that basis.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

That concludes the opening remarks from our visitors. I will respond briefly and go back around members. I thank our guests for their remarks. As I said at the outset, I think we understand and share - in most cases if not all - the frustrations across Europe. We are not necessarily wearing the green jersey today. We realise there are issues. That is why we have been delving into them ourselves. Our goal is to improve the output, efficiency and the processes. We want to address the issues domestically, which will have European implications, because obviously, the remit is Europe-wide. That is something we are very keen to do.

Just to pick up on some of the last comments in terms of where this report goes, our own meeting and our own deliberations, the report that we produced will go through to our main plenary Chamber at the start of next month. It will be debated in the Dáil Chamber, which is our principal Chamber, with the Government Ministers etc. in attendance. That is the next round of the process. It is scheduled for 6 October. On reports, like every good committee we produce a lot of reports, but the committee does not have executive powers to enact the reports. However, we can continue to champion them. We are doing that. Indeed, there will be another opportunity for members to do that in the Chamber in two weeks' time. I think the meeting today is quite well timed, in the sense that I am sure we will take outputs from this that we will actually carry over into that debate. Ms Daly mentioned the legislative changes that may be required in order to enable the DPC to do some of the things that have been recommended by us.

I want to go round the table and let everyone make an opening remark. Perhaps we will go in the order that people are seated, for simplicity. We will start with Deputy Kenny.

Martin Kenny (Sligo-Leitrim, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

I thank our guests for their participation and interest in all of this. I guess the unique position Ireland is in, in having so many of the big tech companies here, puts that huge emphasis and burden on the Irish system. Of course, we recognise that every country in Europe has similar issues. Many issues have been raised and I fully accept that our guests know that the work we did in the report was our best attempt to try to look at these issues. Some of the problems that are there, naturally enough, will require legislative change. We may be required to change or amend statutory instruments to get this right. We have to recognise the development of all of these technologies and the whole sphere of how the Internet has reached into people's lives and how many of these data companies have huge power is something that is evolving all the time. We are going to need to have flexibility. What we can do here or in Europe today may be out of date in two years' time. It may need to be continually resolved and evolving. That aspect of it is something that we need to collectively work on with the MEPs and the other data protection authorities in each country across the European Union.

Pa Daly (Kerry, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

I welcome our guests to the committee. I am particularly interested in hearing any suggestions that they might make to strengthen the recommendations in the report before it goes to the Chamber. I am particularly interested in the complaints handling system of the DPC. Many constituents tell me they feel they are not getting anywhere with issues they have and they find it very difficult to deal with the tech companies. There was a question about the new commissioners. According to the legislation, there can be up to three commissioners. It is an attempt to have more expertise in order that we can be better informed. I welcome our guests and look forward to the discussion afterwards. Hopefully, we can strengthen the regulation for ordinary citizens as much as anybody else.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

I welcome the delegation and welcome Ms Daly back to the House. I believe that, previously, she was a member of the Oireachtas Committee on Justice and Equality.

I have lots of questions but I will try to hone them into one or two because I know we do not have much time. I seek clarification from Ms Sippel on her reference to an independent investigation. Does she mean improving the DPC's ability to carry out an independent review? I was not sure because her comment followed on from her question as to whether there would be a hierarchy between the three DPC commissioners, if we were to have them. I was not sure whether she meant the commissioners would independently investigate one another's decisions on GDPR complaints.

Ms Birgit Sippel:

Just to clarify, I was talking about an investigation in the general rules and procedures of the DPC to find out if there are internal gaps. I did not mean an investigation between the commissioners but an external investigation into the work.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

I thank Ms Sippel for providing that clarification.

Ms Daly said that Spain's legislative framework allows its data protection authority to make decisions but that it probably has less to consider. Would the introduction of two more commissioners in the DPC support the move to defining in the legislation that decisions have to be made because there would be three DPC commissioners working on the cases? Can we solve any of those issues, such as backlogs, how the Data Protection Commission is working and the determination of decisions? Would having three DPC members alleviate that?

I will ask one final question before Ms Daly comes in. Has a review been done at an EU level on GDPR being EU-wide legislation, on what is the preferred legislation across the EU, and on what country is setting an example in this regard? Notwithstanding that each country has a different caseload, and I understand each context will be slightly different, has any country shown a good way to legislate for GDPR?

Patrick Costello (Dublin South Central, Green Party)
Link to this: Individually | In context | Oireachtas source

I will start with Ms Sippel's question about what is next, which jumps off into a lot of places. One of the recommendations we made was that there should be a review of the Data Protection Commission's policies, procedures and processes. It is of fundamental importance that this is an independent review. I note the DPC commissioned a review recently but it is important that it is done by an utterly independent person, not one chosen by the Government or the DPC. That must be underlined. If the problem is that the policy, procedures, rules and decision-making processes are unclear or weak, and that is not the result of any particular culture in the organisation but is the result of our legislation, the committee and the Oireachtas have a responsibility to improve the legislation. An independent review is very important and it ties in with those other points.

As for what is next and having two more commissioners, it is fundamentally important that we have at least one commissioner, if not more, who has experience in an investigatory, arbitration or judicial role. The DPC is a quasi-judicial body. We have a large number of bodies in Ireland with varying strengths and weaknesses within them. However, someone who can bring an understanding of investigations and trials in a sense, and the fair procedures that go with them, is absolutely essential.

Ms Daly asked whether the legislation was in line with EU law. I question whether it is in line with Irish law. Our courts made a recent decision, the Zalewski decision, which talked about what fair procedures are in terms of quasi-judicial decision-making bodies, and I do not think the DPC, like many other bodies, lines up with that. We have seen huge reforms of the Workplace Relations Commission where evidence is now sworn, there is cross-examination and proceedings are held in public. None of that happens with a complaint to the DPC. The Zalewski decision has serious consequences for that approach. Even if we park all the other problems, the Zalewski decision alone would argue for a clarification and strengthening of the procedures. Emergency legislation was rushed through the Oireachtas regarding the Workplace Relations Commission. Following on from the Zalewski decision, we need to look at that in the context of the Data Protection Commissioner as well. It is scary to think that we will need it for the Residential Tenancies Board and a dozen other bodies but I am going off on a tangent now.

I will circle back to the point about the three commissioners. There should be no hierarchy. The three commissioners should work together to make a decision. That may slow things down but when dealing with fundamental rights, efficiency is not the yardstick we should be using to decide if the processes or procedures are right. Three people making a decision, as is the case in a divisional court or the Supreme Court, will make for argument and stronger and less arbitrary decisions. That coupled with the clarification of the procedures, whether in law or policy, is essential. The next step to clarifying those procedures will be the independent review. I am conscious that a judicial review under the terms of the Zalewski decision may kick that door open whether we like it or not.

Thomas Pringle (Donegal, Independent)
Link to this: Individually | In context | Oireachtas source

I thank the MEPs for their input. It probably would have been better if we had this input when preparing the report because it gives a difference angle on it. Our report identifies problems but the problems appear to be with legislation rather than with the Data Protection Commission itself. Having looked back over committee correspondence, while I could be wrong, there does not appear to have been any correspondence from the Data Protection Commissioner setting out her views on the report. It has been over a year since it was published. If there are issues with the legislation, surely the DPC could be flag the issues that need to be addressed and we could, in turn, deal with them. We will not deal with them with this Government but we could flag and raise them in the Parliament, which would be important. This needs to be teased out further.

It is interesting to hear the differences between different data protection commissioners in different countries. That is important. Obviously, more work needs to be done. I am glad to hear our report will be discussed in the Dáil in the coming weeks. That may be part of the MEPs' mission in coming before the committee, which I welcome. We still have work to do but hopefully we can work together and ensure we come out with the right decision.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

If other members drop into the meeting, they will be given the opportunity to speak as well. I invite Ms Maite Pagazaurtundúa to contribute again.

Ms Maite Pagazaurtund?a:

I thank the Chairman for allowing me to take the floor. We have listened to members' very pertinent comments. There are objective issues on which we can intervene. There are some other issues that they have told us about that have more to do with perceptions that everyone may have, or with the parliamentary work that members are going to develop from now on.

If the committee members and we are concerned about the issue of the general data protection regulation and how it is applied in Ireland, it is because it goes beyond Ireland and because there is a bottleneck. In very important cases we do not have the tables of law to say what is a perfect performance or best practice. The metrics are not perfectly comparable, but we do know there is a certain percentage of cases that refer to the big technology companies, which move a very large volume from an economic point of view. We are aware a percentage of cases are transnational and we are aware authorities in other member states do not feel they have much transparency with regard to these cases where there could be more co-operation, more collaboration and an exchange of analysis in this regard. That is objective. I cannot answer about the performance. As we have seen, there may be differences here on the thresholds of implementation or not, but objectively there is a bottleneck here.

On the other hand, in the meetings we have had, we have been told about the need for the improvement of a culture of transparency of the GDPR with regard to those who handle complaints to the agency and with regard to other heads. We know that. When we talk about a review, we are not inquisitive. We are extremely respectful of your competences and of the bodies that must be independent and that must have a culture of independence, but also a culture of transparency. We must know what that means, to manage the cases and to know why some cases are considered solved without us knowing. We must understand that we are on the threshold of a policy of protection, not only of data but of our private life and of what our democracies are. That is why we come in a constructive way to learn with the committee. There are things we will not be able to answer, but together we will be able to put in place, each in his or her own area, the pieces that will improve and minimise the bottleneck that exists.

With regard to the question of the two commissioners, I believe we are all very close in terms of selecting the most competent people to do the job. In Spain the courts have just invalidated the process of choosing the new heads of the Spanish GDPR because there had been interference by political parties in a pact to choose who should be the first and deputy head of the office. The courts have said "No", that they should start from scratch, that there should be no politicking, and that there should be no intervention of politics for something that has to be based on capacity, merit and experience to do the job well, as well as to avoid other external interference. I think we are very close on what not to do and what to do. People should be chosen when there is a bottleneck. There seems to be no doubt. What should they be like? They have to be people with a great capacity for work, and they have to know about the work they are going to do.

Another aspect is whether the structure should be hierarchical or horizontal. I do not believe we as a parliament can tell the committee that, but they should be competent and their interest should be to improve working capacities. They should help to ensure the culture that is established in the institution is stable and that the flow of people in and out of the institution does not cause instability, so the culture of independence and stability is solid, as the committee has said, along with transparency in the context of rules of procedure, protocols, and everything the committee has mentioned, and everything that others who have met with us have said to us. I think we are very close. I believe we are very close and with a very constructive scope.

As for the one-stop shop, we have to tell the committee these things because here is the one-stop shop for the most relevant cases that are defining the future of a technology, and a way of protecting our societies. I will now pass over to my colleagues, who are huge experts.

Ms Birgit Sippel:

I thank Ms Pagazaurtundúa. I do not believe there is much I should add right now. There is a common line, between what we have heard from Deputy Costello and I understand that Senator Ruane is going in a similar direction when it comes to an independent review to find out what is going on and on the function of the three commissioners that should be there too. It is remarkable that Ireland's Data Protection Commission, DPC, having similar resources to many others in the European Union, does not deliver the same number of clear results. There are a lot of big tech companies here, so Ireland might have more complaints than other member states, but the DPC is not even delivering the same number of results as others. There must be some reasons behind this. It is good to have an independent review to find out what is going on.

There was another question that may have been directed more to Ms Clare Daly, but I would also like to go into it. The question was on the review of GDPR. To be honest, I am not in favour of opening GDPR to do a review. We should, however, think about making more use of the European Data Protection Board, EDPB, and the data protection authorities, DPAs, have started to do this, to ensure the interpretation of the rules on GDPR are used in the same way, or in a very similar way, all over the European Union. With that, we might even increase the way in which the different DPAs in the different member states can support each other to ensure there is a level playing field and the same rules are used with the same interpretation all over the EU. That would be my first answer to the question on the review of GDPR and the role of the EDPB. That role is very important in this situation.

Mr. Paul Tang:

Let me underline Ms Sippel's words. I like very much in the committee's report the emphasis on extending the number of commissioners to bring more balance to the organisation. To my mind, the independent review could also be a peer review. It could be a very good way forward, for us on our side as well as Ireland's side, to see what is going on. We need very good competencies for investigation in that regard. We just had an exchange of views with Meta, formerly Facebook, that gave us a very odd interpretation of GDPR. We need a supervisor who also thinks this is odd and goes after that. We need a very proactive supervisor who would not just have these exchanges with Meta-Facebook but also would look into that. From the outside, it would seem that this is one of the capacities that is certainly missing. I appreciate the work the committee has done so far.

Ms Gwendoline Delbos-Corfield:

How accountable is the Data Protection Commission to this committee? Where is it accountable? Are the commission's activities and what it does discussed every year? To whom does the commission present its annual report? The committee has been quite critical, and we seem to be on the same line on a number of things, which is not reflected in the decisions we understood would be those of the Minister for Justice.

How does the dialogue with the Minister for Justice take place? The committee produced the report and we understand that, following on from the report, the Minister for Justice has taken certain decisions. We understood there would be a hierarchy between the three commissioners but the committee does not seem to completely agree. We understood that this review aspect was not followed up completely. How are the powers and balance of powers organised between the committee and the other bodies? Who is accountable to who? How is all of this functioning? Every year, the French data protection authority, DPA, comes to the French Parliament and has to present on what it does and is then questioned by members of the Parliament.

To follow up on the remarks of Mr. Tang, we have met TikTok and Meta and in both cases, to be honest, how nice they are about the DPC was not reassuring . It is a very nice and open dialogue and they meet regularly and it works very well and all of that, which is one part of the job. I do not think it should only be about threats and fines and all of that, but that is the other part of the job. It feels like it is only in a monthly dialogue that they can construct things. They do not have the feeling of really having somebody holding them to account. What power does the committee have in that regard? How can it work on this issue?

Ms Clare Daly:

The independent review is very important. I do not think anybody is of the opinion that it should not be independent. I am sure the DPC itself does not think that. The days of organisations investigating themselves, as the Garda did previously, are gone. That goes without saying.

The bigger picture relates to where this is going in Europe. To follow on from a point made by Ms Sippel, I agree that we should not be looking at the main legislation. However, the EDPB has begun to consider how it operates. That may be the beginning of how it standardises its work. In June or July they brought everybody together for a meeting in Brussels to consider that issue and the whole area of where it is going. That is important because the standardisation of definitions will be important in maybe overcoming some of these problems of what I will call false comparisons.

I will take Spain as an example because is roughly the same in terms of size, although we have far more big data. It has a system of fining little and often. The system is set up at a very low level such that in an individual case the DPC can deal with it and impose a fine of €1,000 or whatever. The Irish situation legally prevents that from taking place. There is an obligation to go to an amicable resolution. The DPC is prevented from issuing fines in individual cases. One then has the debate centring on the Irish DPC being miles behind everybody else, but the figures are not there to make that comparison. At the moment, Emily O'Reilly is looking at what figures are kept by the commission and so on, which obviously has a role in this as well. That is important to note.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I thank our witnesses. I will make some closing remarks. We will not go back around the table again because some people are under time pressure. We will have an opportunity for an informal chat over a cup of tea or coffee after the meeting.

Ms Sippel spoke about the EDPB approach. It is an interesting point. One of the findings of our report and something that came up repeatedly in discussions, including recently when a few of us met with Mr. Schrems, is that the one-size-fits-all approach is problematic at times. A view is sometimes expressed that the one-size-fits-all approach in the context of GDPR means that the large tech companies have an overly simplified process whereas the small enterprises and businesses are tied up in knots with an overly complicated process. A banded approach based on scale may be more appropriate. There is an understandable reluctance, however, to revisit this issue because it took so long to get to the GDPR and get everybody on board. There is a reluctance to open the tin again. I understand that and I will take note of the EDPB process. Perhaps the committee will do so too. It is something we may consider. It is an interesting suggestion.

A question was asked about how independent the DPC is. I noted Ms Delbos-Corfield's comment in respect of TikTok. It is never a good sign if the poacher likes the gamekeeper. They should not be friends. It is an interesting observation. We have noted similar in some of our investigations and findings. The legal position is that the DPC is independent in the performance of its functions. It is not strictly accountable to, but is under the auspices of, the Minister for Justice. It is certainly funded from that Department so there is, at least, a dotted line.

As a committee of Parliament, we do not have a direct supervisory role but we do have a voice that we can use, so we have an advocacy role in producing reports like this and having sessions like this. We may exercise that power more. We can express concerns or findings and we certainly hope those are noted. To be fair, I think they are noted, although they may not always be followed through as we would like.

When an appointment is made under the remit of the Department, the committee has a right of audience to bring the appointees in for a sort of approval hearing before they take up the position, and we will invoke that procedure at every opportunity. There is a lot of talk about additional commissioners being appointed. If they are, the committee will demand that they come before us to be vetted or to have an engagement with us before taking up the position. It might be a useful way to not only improve the quality of appointments, but also to start off on the right foot with them because we can express concerns from day one. That is a power we will exercise again.

Ms Daly made the point that the little-and-often approach is a very good system. It is probably a personal view but doing something quickly, so that it is good enough, and then moving on to the next thing is often better than striving for perfection and never getting there. We may be able to examine in a little more detail the Spanish system which Ms Daly stated takes that approach. The idea of producing multiple rapid mini-decisions or mini-outcomes rather than having a convoluted eternal process that does not actually perhaps ever get to resolution appeals to me. It is something to follow up.

I will conclude by thanking members on both sides of the room, as it were; both our home team and the visitors for coming in to us. There will be a further debate on this issue in the plenary Chamber in two weeks. This meeting has been very useful because we can take the outputs of it as further fuel for that debate and for other points that can be raised. I urge all present to keep the conversation going. They should feel free to keep in touch with us, and we will do likewise. This sort of engagement is really helpful. I hope our guests found it helpful also. That concludes our formal business. There is a little bit of housekeeping to be done. We will have an opportunity to have a chat outside the committee room.

The committee will stand adjourned until 2 p.m. on Wednesday, 28 September for a meeting with stakeholders regarding the challenges facing rank-and-file members of An Garda Síochána in the performance of their duties. There will be no meeting next Tuesday as it is budget day. There will be a meeting on Wednesday instead. I again thank-----

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

I know this is not the time but I do not think we will have another opportunity to state whether we agree in respect of the meeting next Wednesday. I know it is not ideal but can we clarify what the session on Wednesday will be?

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Yes. It is a meeting with stakeholders regarding the difficulties and risks facing rank-and-file members of An Garda Síochána in the performance of their duties. The stakeholders are the Garda Representative Association, the Association of Garda Sergeants and Inspectors and a witness named Mr. Tony Gallagher.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

I am completely opposed to that session.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Okay.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

It is too reactive to and stigmatising of the recent events in Cherry Orchard and it is too shortsighted, given we are not discussing poverty, combat poverty agencies or a task force. In addition, there could be reference to legal cases in the context of Cherry Orchard. I am completely opposed to that session.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The Senator's views are noted. We can have other sessions on that topic. There is enough knowledge and wisdom on the committee not to delve into live cases, so I think we can manage in such a way. Concerns were expressed in the aftermath about Garda equipment, resources, staffing and so on, which can be looked------

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

Was the session suggested in reaction to the events in Cherry Orchard? I think we are reacting to the wrong thing.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The session was proposed and agreed at the meeting of the joint committee on Tuesday, and that is where it is coming from. If members want to suggest other topics for consideration, they can do so. I will close the meeting for today-----

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

That is disgraceful.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

-----and thank our visitors. Deputy Pringle wishes to come in.

Thomas Pringle (Donegal, Independent)
Link to this: Individually | In context | Oireachtas source

I did not make the meeting on Tuesday. I apologise for that. I was not aware that this was coming up next Wednesday. If we look at how this was dealt with and look at how this committee dealt with the death of George Nkencho, however, it was handled completely differently. We are doing this now in the jaws of the reaction to what is happening in Cherry Orchard, which is completely wrong. There is no doubt about that. It is a situation that was handled very differently. It sends out the signal that one is more important than the other.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

It is actually a whole pattern of events, to be honest, not just one.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

Then it should not be dealt with next week. There should be enough distance between what has been on social media and the proposed session. The proposed session was not in the timetable that was given to us at the start of the year, so it is a new session and thus a reaction. We should not have the session.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Okay.

Thomas Pringle (Donegal, Independent)
Link to this: Individually | In context | Oireachtas source

It has been slotted in very quickly too.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Sure. One of the aims of the new term is to be more responsive. It has been an issue in the past that it takes time to organise meetings, and we have had some difficulties in the context of the Kerins judgment. Members will be aware of correspondence I sent to the Minister this week. I sent it also to the Ceann Comhairle and the Chairman of the Working Group of Committee Cathaoirligh. It was about how we order our business and how it has been a frustration of this committee and for me as Chairman that we have not been able to respond more rapidly to issues of concern to members. When issues are raised, there is the Kerins judgment, there is stakeholder engagement, there is lead time and all sorts of issues that arise that mean we have not been able to tackle issues in a timely fashion at times and that is something I would like to improve. This is the start of a new trend in the new term.

Thomas Pringle (Donegal, Independent)
Link to this: Individually | In context | Oireachtas source

I beg to differ with that too, Chairman, because the attitude of the committee to the George Nkencho case was to push it out. It was about not wanting to react or saying we could not have a way of reacting but now all of a sudden we are reacting.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I do not want to labour the point because we have visitors, but that was in the early stages of the committee's term. We were all finding our feet. Perhaps if that were to happen tomorrow, we could have a different approach and respond more quickly.

Lynn Ruane (Independent)
Link to this: Individually | In context | Oireachtas source

We should vote on whether that session is taken.

James Lawless (Kildare North, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

Can we perhaps excuse our visitors and then return to this matter? We should not have an internal housekeeping debate. I thank our guests. We will see them in a few moments.

Ms Maite Pagazaurtund?a:

I thank the committee for the exchange of views and for being so real.