Pat Buckley (Cork East, Sinn Fein) | Oireachtas source

The motion we are considering proposes that "Dáil Éireann shall take note of the Report of the Joint Committee on Justice entitled "Report on meeting on 27th April 2021 on the topic of GDPR", copies of which were laid before Dáil Éireann on 22nd July, 2021". I will start by paying tribute to the members and staff of the committee for their work on the report. It is typical of the unglamorous but important work that committees are set up to tackle. I understand from my Sinn Féin colleagues that Deputy Lawless has done a good job within the committee.

I will turn to the concerns Sinn Féin has in this area, which were raised when the matter was discussed in the committee. The first is the resourcing of the DPC, a concern raised by Deputy Martin Kenny. The DPC takes an incredibly long time to get back to a lot of complainants. Covid-19 may have had some impact but, with much of the commission's work not necessarily requiring in-person visits and so on, that is no excuse. The delays were also an issue well before the pandemic. There was some discussion of this at the committee hearing and we respectfully diverged from the commissioner's views on the resourcing. We made provision in a previous alternative budget for an increase in funding to the DPC, which the Government heeded. However, the reality is that we are a number of years behind in terms of that investment. We cannot afford to become a data protection blackspot and it is not difficult to imagine the DPC has been deliberately under-resourced compared to its European counterparts. Given that so many technology companies are based here, far more than is the case in those counterpart countries, it is unacceptable for this under-resourcing, whether deliberate or otherwise, to continue.

The second concern, which is strongly reflected in the report's recommendations, is the issue of negotiation over enforcement. The resources tech companies have, compared with those of any State agency, are significant, and their ability to protest and litigate is extremely strong. Negotiation might make sense in order to protect precious State resources but the statistics are far too skewed away from any enforcement. A change in mindset is needed here.

A third issue that was raised was that of the mother and baby homes and how the records were going to be sealed and so forth. One would be hard-pressed to find a piece of law that is invoked as regularly and as strongly as the GDPR on a wide number of issues. Unfortunately, it is misapplied and misunderstood by many, despite the fact it is simple enough in legal terms. For instance, the advice of the Minister for Children, Disability, Equality, Integration and Youth was that GDPR did not apply to these records, whereas a number of experts felt it clearly did. There was a need for clarity as to whether the sealing of records in those cases would have been a breach of legislation, especially EU legislation. These records represent more than just data for many, and cases such as those of people boarded out, which Deputy Daly has been vocal on, need to be looked at as well.

Finally, there are increasing applications of data, or more accurately, large amounts of quantitative data, across our daily lives. Legislation and regulation need to be ahead of the curve here rather than being reactive. In that context, the report's call for a review of the Data Protection Act 2018 to ascertain if legislative amendments are necessary, and to consider codifying the published processes of the DPC as regulations, is incredibly important.

See this speech in context