Charles Flanagan (Laois, Fine Gael) | Oireachtas source

I echo the Taoiseach's remarks about the importance of a free media in a functioning, healthy democracy. Furthermore, I must clarify that, as Minister for Justice and Equality, it would be highly inappropriate to refer to matters currently under investigation by relevant authorities or connected to the subject matter of ongoing court proceedings, to which the Leas Cheann-Comhairle referred.

The Data Protection Commissioner is the independent supervisory authority with responsibility for upholding the EU fundamental right of the individual to have his or her personal data protected. The Office of the Data Protection Commissioner was established under the 1988 Data Protection Act. The commissioner holds the responsibility for upholding the rights of individuals, as set out in the Data Protection Acts, and also for enforcing the obligations that arise from the legislation on data controllers. While the commissioner is appointed by the Government, she is independent at all times in the exercise of her functions. Individuals who feel their rights are being infringed can complain to the commissioner who will investigate the matter and take whatever steps may be necessary to arrive at a resolution. The commissioner has statutory powers to undertake investigations into complaints from individuals and enforce compliance with data protection requirements. The office also conducts on-site inspections arid audits of data protection in both public and private sector organisations

The Data Protection Bill 2018 is before the Oireachtas, with Second Stage being debated in the House this week. The purpose of the Bill is to give further effect to the general data protection regulation, GDPR, in areas in which the regulation gives member states a margin of flexibility and to transpose the accompanying law enforcement directive into national law. It will take effect on 25 May. The legislation will strengthen the independence, structures, functions and powers of the data protection commission. The new EU legal framework confers significant responsibilities for the protection of personal data on both data controllers and data processors.

In her most recent annual report the Data Protection Commissioner outlines that a total of 2,795 valid data security breaches were recorded by her office last year, representing an increase of almost 26% on the numbers of breaches reported during the previous year. The GDPR provides for mandatory reporting of personal data breaches to data protection authorities, unless a breach is unlikely to result in a risk for the rights and freedoms of individuals. The controller must report such data breaches without undue delay and, where feasible, not later than 72 hours after becoming aware of it. The report must identify the likely consequences of the breach and the measures taken, or to be taken, to mitigate adverse effects for individuals. Under the GDPR and the new legislation, public and private enforcement of data protection is set to increase. The scope of compensation claims arising from infringements of data protection rules will also increase, resulting in higher levels of private enforcement activity.

I welcome the legislation and seek the co-operation of Members in passing it. I am not in a position to comment on issues before the courts or related to a legal investigation, either inside or outside the House.

See this speech in context