Michael Healy-Rae (Kerry, Independent) | Oireachtas source

Of paramount importance to me would be the protection of privacy of data. We have seen different situations in the past where concerns have been raised over issues to do with the protection of data. On the benefits, for instance for air carriers, the new rules will apply for air carriers to transfer advance passenger information, API, data on passengers only to one single point of reception, namely the router that will distribute the data to the national authorities. The router will ensure that each relevant authority in member states receives the data. Considering situations we have had in the past, for instance HSE data being hacked and concerns among the public on that issue, when we are collecting a lot of information and it is being transferred, we have to be sure that the protection of that information is sacrosanct.

Will there be obligations to other carriers? The proposals do not extend the obligation to collect API data from other transport modes than air transport. I would like a bit of information on that. When will the new rules be fully applicable? Is financial support available to member states to implement these changes? I would like a bit of detail on that. My understanding is that financial support will be available to member states through the international security fund, ISF, and the border management and visa instrument, BMVI. However, knowing that member states already have the systems in place to process API data, the financial part would be necessary to support only certain upgrades, namely to receive additional data.

Going back to the issue I started off with, how will data protection and privacy be guaranteed? I have read that the proposals update the data protection framework related to the collection of API data by air carriers. They contain all necessary restrictions and safeguards to ensure compliance with the Charter of Fundamental Rights of the European Union including as regards the security of processing of personal data, deletion and purpose limitation and the travellers' right of information. It is important that any processing of API data remains limited to what is necessary for and proportionate to achieving the objectives of border management and the fight against serious crime and terrorism. I believe the necessary safeguards include rules on independent supervision, logs on any processing of data and data protection rules such as purpose limitation and strict retention periods. It is also ensured that the API collected and transferred does not lead to any form of discrimination precluded by the charter.

The EU is currently engaged in bolstering the Union's overall security architecture, which aims to enhance EU citizens' protection as set out in the fifth security union progress report. The report highlights three years of ongoing work to implement the Union's security strategy. I recognise the excellent work that was carried out in that report. It was very detailed. A lot of effort and time went into it. At EU level, significant steps have been made in strengthening the protection of critical infrastructure from physical, cyber and hybrid attacks. That comes back to what we were talking about earlier with regard to the HSE event that we had. Significant steps have also been made in fighting terrorism and radicalisation as well as in the fight against organised crime. However, it is less clear as to what tangible steps have been taken by the Government here to protect our Ireland from cyberattacks, as we well remember from the recent HSE cyberattack, and whether the telecommunications cables that connect this island are safe from other future attacks. Certainly, information on travellers has helped to improve border controls, reduce irregular migration and identify persons posing security risks. However, once again here in Ireland, due to incoherent Government immigration policies, our borders are seen as open doors for criminals and people-trafficking teams to attack.

See this speech in context