Róisín Shortall (Dublin North West, Social Democrats) | Oireachtas source

I am glad to have the opportunity to contribute to the debate. Every state relies on the trust of its citizens to be able to deliver vital services. The Revenue Commissioners have access to the details of our personal finances because they need them to collect tax equitably. The Department of Employment Affairs and Social Protection has access to details of our work and family circumstances because it needs them to deliver the correct payments. People accept the legitimacy of these uses of their data because they clearly understand who will process them and for what reason. The general data protection regulation, GDPR, codifies this right in law and is directly binding on State bodies as much as everyone else. The Court of Justice of the EU, in the Bara case, confirmed that EU law "must be interpreted as precluding national measures that allow a public administrative body of a Member State to transfer personal data to another public administrative body and their subsequent processing, without the data subjects having been informed of that transfer or processing". Yet this is exactly the model of data collection and the subsequent sharing of that data between public bodies with which this Bill persists, despite the clarity of EU law. The Government must realise that to force this Bill forward without addressing this contradiction is to invite inevitable litigation, wasted costs and likely claims of compensation and fines from the European Commission. More important, to press on with this quixotic Bill is to strike at the root of that vital relationship of trust with citizens. Plainly put, then, the modern State needs good data to produce good governance, and it will not get this if citizens do not trust the Government to be an honest and plain dealer.

We have experienced the limits of the Government's coercive approach to data collection in the public services card project. The Road Safety Authority, RSA, was instructed that it was Government policy to force people to get public services cards before it would allow them to get driving licences. The RSA spent €2 million building an online applications system on the basis of this requirement. Then, a year after it was declared the rule was compulsory, the authority was told that the Attorney General's office had found no legal basis for the requirement. Civil society groups such as Digital Rights Ireland had been warning for years that there was no legal basis for making the card compulsory. The same groups have been warning that the model of this Bill is misconceived. Why can the State never acknowledge it should change direction until it has cost us all dearly? There are umpteen examples of this.

We can look abroad to see how this kind of behaviour plays out. The British Government pressed on with its plan to share medical records without taking account of citizens' concerns. There was a collapse of confidence among the public as it realised the government could not answer basic questions of legality and governance. After more than 1 million people refused to participate, the NHS Care.data project ended up being scrapped at a cost of £8 million - £8 million which was wasted. A similar scheme was introduced in Australia, where a voluntary, centralised medical records system was converted to one automatically enrolling every citizen unless he or she opted out. The consequential collapse in public trust in this scheme contributed to the sudden end to Malcolm Turnbull's tenure as Prime Minister and required the government to promise emergency amending legislation.

Ireland is not by any means a nation of Luddites. It is not backward to be careful about the privacy consequences of technology and sloppy data projects. Data experts, the people who know the most about the consequences of these issues, are the most cautious about the potential for misuse and mistake. Research has shown that, whether in private or public systems, approximately 68% of IT projects fail. Success is not achieved by rushing forward and ignoring constructive criticism or by denying the plain reality of what is and is not legal.

This Bill was introduced with the claimed purpose of implementing the EU's public sector information directive, but that directive is intended to create a culture of open data, encouraging the release of state information for the benefit of the economy and society. The plan to take citizens' personal data and reuse them between public bodies without further notice to citizens does not address that directive's purpose at all. Either the Government has misunderstood the public sector information directive or it is citing it simply as an attempt to bluff its way past the lack of a legal basis for the plan it wants.

I have spoken about some of the examples from abroad of government data schemes failing at great cost, but we have had one relevant example closer to home. The abject and expensive failure of the Reach public service broker project was described in the Comptroller and Auditor General's special report No. 58 on eGovernment as follows:

The Broker was innovative [and ambitious]. However, [its] feasibility ... was not examined early on and planning was weak.

The Comptroller and Auditor General estimated the eventual spend on the project to have reached in excess of €37 million.

The Reach programme was effectively the State's last major attempt to share citizen data between Departments. As such, it is important that the lessons are learned from its failure. The Comptroller and Auditor General concluded that it was likely that Reach could have delivered the broker system in a more timely and cost effective manner had the governance, staffing and risks been managed more rigorously.

The Comptroller and Auditor General's report did not consider the benefits of data transfer to be sufficient to justify the project's costs. The willingness to put a halt to a bad plan is as much the hallmark of a strong Minister as is his or her ability to implement a good one. I call on the Minister of State to acknowledge that this Bill, as it is currently conceived, will harm public trust and create significant potential risks for the public purse beyond any value which it offers. I urge the Minister of State to go back to the drawing board and rethink the entire approach of this Bill.

See this speech in context