Patrick O'Donovan (Limerick County, Fine Gael) | Oireachtas source

I thank the Deputies who made contributions. Many were in line with those made in the Seanad.

Is important to remember the Bill relates to data sharing and governance, not data collection. It will facilitate a legal basis for what is already happening in many instances. This is the transfer of data from one public body to another in a supervised and governed fashion. The person at the centre of the data transition would have access to a data portal so it can be seen where the data has been moved, for what purpose and who has viewed it. A board would be established to ensure this is done properly and in accordance with the law, as laid down in previous Acts of the Oireachtas and the GDPR. It would also provide for other issues that the Minister sees as being appropriate in terms of data sharing. It does not get into the collection of data for each of the individual public bodies, which are sectoral matters. I know a number of these were raised last night and tonight, including matters relating to adoption, HIQA or the public services card.

The Bill does not in any way change the Social Welfare Consolidation Act 2005. It does not set out to do that and it is not about that but what it is about is to give a legal framework for what we are already doing. An example of what we are already doing is the collating of information for public servants who have worked in a number of different aspects of the public service to make sure that their pension can be properly accrued, for example.

Each data transition from body A to body B will require an agreement being laid out that goes through a consultation on which people have a right to have a view. Outside all that is the Data Protection Commission, which will stand in a watchdog position, that is, maintaining its current position in respect of the collection and use of individual personal data.

Nothing will change in the existing legal framework and this measure will enhance it because for the first time, it empowers and obliges the State to handle data in specific ways for public services. That is all this Bill does. It underpins what we are doing at present without a legal basis and as I noted in the Seanad, is a lacuna in the law. At present, we are transferring information from public bodies such as Student Universal Support Ireland, SUSI, the Revenue Commissioners, the Department of Agriculture, Food and the Marine and the Office of Public Works, OPW, on the basis that it is for the good of the person for whom the service is being provided but it is being done without a legal basis and this Bill provides that legal basis. An example of it is in Part 5 of the Bill pertaining to public servants who may have worked in different elements of the public service and who I am sure would welcome the provisions laid down in the Bill that allow for their individual and personal data to be shared in a manner that is governed by a board. While attempts were made here last night to disparage the board's construction, it will have, among others, ex officiomembers who are public servants who deal with this issue on a regular basis in different Departments and who have an expertise that may have to be called in from the outside and it also will have a gender balance. The parent Department in this regard will be the Department of Public Expenditure and Reform. This is part of the reform agenda and is an acknowledgement from the Government that it is finally addressing an issue that has long needed to be addressed. A legal basis is being provided in the law for the transition of public personal data and data in general from body A to body B.

As for some of the comments made last night, I welcome Deputy Cowen's support for the Bill and he referenced hacking. Section 64 of the Bill provides for the issuing of data management standards, which is important. I agree with the sentiments he expressed on social media, its abuse and how it is construed at the moment. Unfortunately it is outside of the scope of the Bill but I am sure the Departments of Children and Youth Affairs and Justice and Equality are looking at the matter. I was a member of a previous Oireachtas committee that looked at it as well and Deputy Burton also referred to it.

Deputy Jonathan O'Brien asked that the officials from my Department would be made available to help in teasing out any potential amendments and I assure him that will happen. He has availed of that facility previously and I make the same invitation to other Deputies with the Bill because there seems to be confusion as to what the Bill is about versus what it might be about because of the Title. If anybody wants to engage with my officials or with me at any stage between now and Committee Stage I will be delighted to do that.

Deputy Jonathan O'Brien also asked about mechanisms to have data corrected or removed. The GDPR underpins a lot of what we are doing here anyway but specifically, section 44(2)(c) provides that people will be able to use their personal data access portal. We are signatories to the Tallinn Declaration on eGovernment. I agree with the comments that have been made here regarding snooping within the public service and the question of whether people's information is being accessed and for what purpose. That would leave a fingerprint and a trail and it functions in the same way as online banking because customers would be able to log on and see that the Revenue Commissioners, for example, looked at their data on a particular date. That is important and this provides a legal structure in which that will be able to take place.

I recognise the difficult case Deputy Burton to which referred and she was speaking in a personal capacity on adoption last night. As I have said on other issues such as cyberbullying, it is outside of the scope of the Bill but I sympathise with many of the issues that she raised. I refer to what Deputy O'Dowd has just said on the HIQA data that have been used inappropriately in Beaumont Hospital and which ended up on the side of the road. That is totally unacceptable, as were the difficulties Deputy Burton experienced to which she referred to last night.

I have already referred to section 64 of the Bill, the standards that are being used and the concerns around logging and how these logs are being made available. The data access portal will allow people to use those logs and it will identify inappropriate accessing of data from different elements of the public service. It is fair to point out that this already is an offence under the Data Protection Act 2018 and there are criminal actions for the breach of same. People might not be aware of that but there are.

Deputy Burton also had concerns about the governance board. We spent a lot of time teasing this out in the Seanad. I encourage people to look back on the debate that we had on the Seanad. To be honest it was highly constructive and I said at the time that the standard of the debate there was really high in terms of the level of detail to which we went down and we made changes to the board based on suggestions that were made. The majority of the members are ex officio appointments and they will be suitable officials from public bodies such as the Central Statistics Office, Revenue and the Department of Agriculture, Food and the Marine. They will come with the skill set that will be needed to give advice based on the agreements that will be laid out between the different public bodies. They also will give guidance on the implementation of the Bill when, as is hoped, it becomes an Act.

Deputy Wallace raised many issues last night on the public services card and the MyGovID and it was referenced again tonight. The Bill has no specific provisions on the public services card, it is covered under the Social Welfare Consolidation Act 2005, and the public service identity set remains restricted to those bodies specified in the Act.

Deputy Wallace also raised the issue of the once-only principle last night. The once-only principle is what service users of the State really want in many cases and it drives them off their heads when they have to give the same information to multiple bodies multiple times. This legislation on the once-only principle as put into the Tallinn Declaration on eGovernment allows Governments to use that information in a way that delivers for the public and for citizens. This Bill allows for that and, more importantly, it does so in a manner which protects the individual by way of the agreements that have to be put in place that are open to public consultation and on which people can provide submissions. The Data Protection Commission and GDPR are there in the background and there is also a situation where once those data sharing agreements are in place, the individual online application portal will allow people to go in and see why public bodies might have looked at their data.

The benefits are clear and they were laid out by a number of speakers in the Seanad, notwithstanding the fact that there are concerns and it is right that there are concerns because we have not historically had a great record in this regard. The example Deputy O'Dowd mentioned about Beaumont Hospital is illustrative of that because it was not acceptable.

Deputy Shortall made reference to the Bara case and mentioned transparency in how data is stored. The Attorney General advised on this Bill having reflected on the Bara case and one of the important points that came from it concerned the public data portal, which I ensured would be reflected in the Bill.

This is extremely important if we are to build trust and confidence between the State and the citizen with regard to how personal data is being used. More importantly, however, the whole system has to go through an element of public consultation, a data protection review and an impact assessment, with governance being assigned by way of a board. The Bill contains provisions dealing with how the governance board will be constructed in the first instance, how it will carry out its duties and how it will report. The report will ultimately come before the Houses of the Oireachtas and Members will be able to raise it with the Minister directly. The report will be a public document and will enable the general public to see exactly how data sharing is happening. Such sharing is going on currently but in a kind of legal fog, whereby we have not recognised as a State that the sharing of personal data in a public forum should have a legislative basis.

On the issue of breaches of data protection rules, there are already strict penalties and sanctions laid out in existing legislation in terms of the protection of data and respect for same. I must reiterate the point that this Bill is about sharing rather than collecting data. Reference is made in the Bill to the base registry and how that registry will be constructed. The base registry ultimately becomes the data collector. Data is collected by the base registry and it is the registry that is responsible for the sharing of that data. The collection and the sharing of data are two different issues. The data commissioner has a role to play with regard to the collection of data and making sure it is properly stored and respected. This Bill is specifically concerned with the public bodies listed in the Schedule and how they will share data. It does not get down into the minutiae of data collection, which is the subject of other legislation. That said, I understand the concerns that have been raised with regard to data collection generally. This Bill provides for certain rules, guidelines and obligations for public bodies to enable them to better manage their data. This legislation will also provide public bodies with the opportunity to reflect, not only on their data sharing practices, for which this Bill provides a legal footing, but also on the manner in which they collect and store data.

I look forward to the Committee Stage debate and a line-by-line appraisal of the Bill. I welcome the comments that have been made thus far. I stress again that I am available, as are departmental officials, to talk through the legislation with Members. The Bill has been through the pre-legislative scrutiny process and we have taken a lot of the suggestions made during that process on board. We have also taken on board a lot of the suggestions made in the Seanad. The Bill may have to return to the Seanad if Report Stage amendments are made but I am open and willing to listen to any constructive suggestions from Members on the construct of the Bill. There are other issues that are outside the scope of this Bill that we may be in a position to put to other Departments and Ministers and I would be happy to do so.

See this speech in context