Pat Breen (Clare, Fine Gael) | Oireachtas source

I thank all the Deputies who contributed to what was a very interesting and engaging debate on this Bill. As all of the speakers rightly pointed out, this is a very complex Bill that will affect us all. The Minister for Justice and Equality, Deputy Flanagan, and I welcome the broad range of views that have been expressed in both Houses of the Oireachtas. I assure all the Deputies who contributed to this debate that the issues they raised will be considered in the context of possible amendments to the Bill. As Deputy Ryan said, this is about consensus and collaboration.

I will now respond to some of the issues that were raised, although I will not be able to respond to them all. Many Deputies raised the issue of the digital age of consent. The Government acknowledges the concerns expressed by Deputies regarding the digital age of consent. The background to the Government's decision to set the age of digital consent at 13 years, including the consultation process undertaken by the data forum and the Department, has been explained very well in both Houses of the Oireachtas by the Minister for Justice and Equality. In choosing a digital age of consent of 13 years, Ireland is certainly not out of line with other EU member states as Deputy Mattie McGrath suggested in his contribution. In that context, I suggest that he reads the Bill. A digital age of consent of 13 has also been adopted by Sweden, Denmark, the Czech Republic, Finland, Latvia, Spain and the UK. I also remind Deputies that the Joint Oireachtas Committee on Justice and Equality, an all-party committee with members from both Houses of the Oireachtas, recommended 13 years in its report following pre-legislative scrutiny of the Bill. Many other leading experts, including Dr. Geoffrey Shannon, support the decision also. Arising from discussions in the Seanad, a review clause has been incorporated into section 30 of the Bill which will mean that the operation of the section will have to be reviewed not later than three years after coming into operation. That clause was welcomed by many Deputies in this House and by many Members of the Upper House.

Deputy O'Callaghan who was the first member of the Opposition to speak on the Bill referred to the need for the Data Protection Commission to be adequately resourced, as did Deputy Ryan. The Government has allocated significant additional resources to the Office of the Data Protection Commissioner since 2013 in order to ensure that it will be in a position to discharge its functions following the entry into force of the GDPR. If one takes a look back at the budget in October, the funding for that office was €11.7 million, putting the Irish Data Protection Commission in the top tier of highly resourced national data protection authorities in the EU 28. We understand the importance of the job of the Office of the Data Protection Commissioner which is why we are providing adequate resources for it and will continue to do so. The Data Protection Commissioner is independent of Government and needs adequate resources because, as Deputies pointed out, so many multinational companies have their headquarters in Ireland.

Deputy Lawless also mentioned the need for the Data Protection Commission to be given sufficient powers to carry out its functions. I assure the Deputy that the Bill will confer extensive supervision and enforcement powers on the commission, including the power to apply, ex parte, to the High Court for an order to suspend, restrict or prohibit data processing or the transfer of data to a third country or an international organisation, where there is a need to act urgently in order to protect the rights of freedom of data subjects.

DeputyÓ Laoghaire raised the issue of the transfer of personal data to the UK following Brexit. He spoke in particular about the need for an advocacy decision. While this is a matter for a first decision by the European Commission, it is worth noting that the UK Government has underlined the fact that it will be compliant with the GDPR on the date of exit from the EU. That has been made quite clear to all EU Ministers. DeputyÓ Laoghaire also suggested that the Bill should provide for criminal penalties that deprive organisations of the profits obtained through infringements of the GDPR. The position is that Article 83 of the GDPR already provides for the imposition of administrative fines of up to €10 million or €20 million or 2% or 4% of the worldwide annual turnover, depending on the nature of the breach. Many Deputies raised that issue in their contributions. That article sets out a number of aggravating and mitigating factors to be taken into account in determining whether to impose a fine and the level of any such fine. One of these factors is the financial benefits gained or the losses avoided directly or indirectly from the infringement.

Deputies Pringle and O'Dowd both mentioned an amendment that the Minister for Justice and Equality intends to bring forward on Committee Stage relating to concerns raised that GDPR may adversely impact on the ability of elected representatives, including Members of this House, to make representations on behalf of their constituents and to carry out other aspects of their work as elected representatives. I assure the House that the Minister intends to bring forward an amendment to ensure that there is an appropriate legal basis for, inter alia,the processing of personal data for the purposes of dealing with constituents' representations and requests. That amendment is being finalised at the moment and will be circulated to all Members at the earliest opportunity.

Deputy Broughan and others mentioned access to journalists' notes and the retention of personal data. Judge Murray's recommendations will be addressed in a separate Bill, the data retention Bill, which will be brought before the House at a later date. The pre-legislative scrutiny report on that Bill is being considered in the Department of Justice and Equality at the moment.

Fines of up to €1 million may be imposed on public authorities and public representatives, including Departments, local authorities and the HSE for data protection breaches, as per section 139 of the Bill. Deputy Ryan has left the House now but yesterday during Leader's Questions he raised the matter of my Facebook page and said that it did not include digital content. I urge Deputy Ryan to follow me on Twitter - @PatBreen1. He does not follow me at the moment so obviously he is not too interested in my digital activities. I would suggest that he do so because all of my work as Minister of State with responsibility for data protection and the single digital market is visible on my Twitter account. Included there are the extensive activities in which I engage as Minister of State, including activities in Brussels last Monday and the declarations I signed on behalf of Ireland on block chain, artificial intelligence and the single digital market. My account also contains information on my interdepartmental activities at the Departments of the Taoiseach and Justice and Equality and refers to the Digital 9 meeting that I am hosting here next month. I want to ensure that Ireland will continue to be a leader in the whole area of the digital agenda and digital technology and that all of us embrace it. Ireland is to the forefront in that respect. That meeting will precede our data summit which will be held in September and I hope Deputy Ryan will take note of all of that.

We hope to have this important Bill enacted by 25 May next in order to comply with our EU obligations and to ensure the new data protection commission has the benefit of the enhanced supervision and enforcement powers set out in this Bill from the outset. The Office of the Data Protection Commissioner is engaging in a very comprehensive campaign around the country currently. In my role as Minister of State with responsibility for data protection, I am involved in a comprehensive campaign that involves many seminars and social media events to ensure everybody will be prepared for the GDPR when it comes into force on 25 May. In particular, I am keen to ensure small and medium-sized businesses, microenterprises, voluntary agencies and charities will comply with the GDPR. It is extremely important this is the case. I will have a round-table meeting with those groups next week to ensure they are compliant. I compliment the many umbrella groups and bodies that are relaying this information to their members to ensure they comply with the GDPR. The Minister, Deputy Flanagan, and I look forward to working with Deputies to make progress with the consideration of this Bill in both Houses to ensure we are GDPR-compliant by 25 May.

See this speech in context