Michael Collins (Cork South West, Independent) | Oireachtas source

4 o’clock

I am glad to have the opportunity to speak on the eagerly awaited Data Protection Bill 2018. The Bill incorporates Ireland's national implementation measures required under the GDPR and creates a new regulatory framework for the enforcement of data protection laws in Ireland. The digital age of consent has been the subject of considerable debate in the Oireachtas. Many child protection experts, psychologists, mental health specialists and those working on the front line with children have expressed the strong view that the age of digital consent should be set at 13 years. There are compelling child protection reasons for this being the best option to keep children safe online. We need to face the reality that our children will be accessing online information and using Internet enabled devices from a young age but by reducing the age of digital consent, we are providing more protection for our children.

The draft scheme of the Bill as published last year did not make provision for representative action to be taken. There was much debate on this issue during the pre-legislative scrutiny stage and the Bill has now shifted quite a bit. It now permits a data subject to mandate a not-for-profit body to lodge complaints with the data protection commission. A mandated, not-for-profit body may also bring a civil claim on behalf of a data subject before the courts. However, such a body will not be able to claim compensation on behalf of data subjects. In effect, a not-for-profit body will be able to seek injunctive relief but not damages on the data subject's behalf. The Bill does not address how the rules and regulations on legal costs will apply to actions taken by non-profit bodies. In particular, guidance will be needed on whether a court can award costs against the data subject as well as the non-profit body in the event of an unsuccessful civil claim.

As Deputies, we possibly need to be educated further on the issue of data protection. How are we, as politicians, going to cope with this new data protection regime? We are finding it more difficult to access information as it stands. Sometimes bodies or individuals hide behind data protection and use it as a handy way to get rid of one or not to give one an answer. That is a very serious issue and a worry for politicians.

On the positive side, I visited Spearline last Friday, a west Cork technology firm based in Skibbereen. This company is a huge asset to the local community. The Minister of State at the Department of Justice and Equality, Deputy Pat Breen, launched the first phase of the company's development. The company will employ up to 60 people in its new risk compliance and data protection division. Spearline will also produce a new line of software called Spearline Data Protection which will focus on supporting organisations and data protection officers in meeting the requirements of GDPR that are due to come into effect on 25 May this year. Spearline is a wonderful example of why we need a Data Protection Bill. Not only will this Bill protect people in the context of data usage and storage, it will also create many jobs across the country in towns like Skibbereen, thus keeping rural communities alive.

See this speech in context