Matt Carthy (Cavan-Monaghan, Sinn Fein)

Gabhaim buíochas leis an Aire as ucht an eolais sin. I acknowledge, as the Minister has outlined, that these regulations will not in any way limit the rights of citizens.

They will, in fact, place greater obligations on related offices in terms of the circumstances in which they may limit the right of citizens to information. The limitations the regulations place on organs of the State to limit citizens rights are entirely reasonable. They ensure that any such limitation is time-limited to only what is necessary to safeguard the work of relevant offices and mandate that an impacted person be informed that this has occurred. Crucially, the right to appeal any such restriction is in place. This is welcome and as such will be supported by Sinn Féin.

However, it is worth examining how the need for these regulations came about and how they came to light. The need for these regulations arises because when transposing the general data protection regulation, GDPR, into domestic law, the Government included what could have amounted to a blanket exemption from crucial components of the GDPR for the Comptroller and Auditor General, the Office of the Chief Information Commissioner and the Data Protection Commission itself - bizarrely, I have to say. It is worth putting on the Dáil record what rights the Government was granting this exemption in relation to. Largely, it comprised the rights outlined in chapter 3 of the regulation, the rights of the data subject. Anyone would agree that chapter is crucial - perhaps the most crucial component of the regulation. This blanket exemption applied to ten out of the 11 articles therein, articles that related to transparency, right of access to personal information, the right to rectification and the right to erasure, which is of course better known as the right to be forgotten. It also applied to Article 34, communication of a personal data breach to the data subject, and again I am certain that anyone in this House would agree that they are among the most fundamental rights for which the regulation provided.

The need for these regulations came to light because this potential blanket exemption was identified by the European Commission. The European Commission and its President get a lot wrong, as we would contend today more so than on most days, and legitimate criticisms can be made in respect of the application of the GDPR. It can become incredibly burdensome for small businesses and voluntary groups to manage. My own experience of the GDPR is that it is often utilised by State bodies to prevent legitimate questions being asked. I am sure most Members of this House have had experience where the GDPR was cited as an excuse for State bodies or even Departments to fail to interact appropriately with elected representatives. As such, I am always open to revisiting existing policy and legislation to ensure there is a correct balance of rights and obligations. The GDPR, just as with any legislation or law, should not be sacrosanct or entombed. There have to be ways and mechanisms to change it if necessary. Of course, that boils down to the difficulties. When we accept regulations or directives at an EU level, once in place they are incredibly difficult to change. By and large, the GDPR is and has been a landmark piece of legislation. While there are many issues with it, it provides citizens with greater control regarding their own personal data, which is important. It is therefore regrettable that the Government placed not only unnecessary limitations on these rights but seemingly, in the view of the European Commission, potentially illegal limitations.

I accept, as the Minister has said, that the GDPR provides for limited circumstances in which restrictions may apply. However, the issue at hand is that the Government in effect drove an articulated lorry through those limited circumstances. That is the opposite of Sinn Féin's starting point when it comes to new legislative or policy proposals, where we prioritise and take a rights-based approach. The Government should give serious consideration to the situation anytime it seeks to limit citizens' rights, particularly their right to access information pertaining to themselves. A blanket exemption in case it is needed, even if not intended to be utilised, is poor legislative practice.

I have two questions for the Minister regarding these specific regulations, which he or the Minister of State might address in their closing remarks. This is the second set of regulations related to the issues identified by the Commission. I note they were drafted individually in the case of each relevant office on the advice of the Office of the Parliamentary Counsel to the Government in case further amendment is required in the future. Is the Minister confident that these regulations address the potentially illegal blanket exemption identified by the Commission in full or does he expect that further amendment or regulation will be necessary?

My second question is particularly important given the potential limitation the Government's legislation placed on a citizen's rights to transparency. These regulations will mandate the impacted offices to prepare and implement policies and procedures to provide for the matters relating to circumstances whereby a citizen's right may be restricted, including in relation to timeframes whereby a person's right may be restricted. In what timeframe does the Minister envisage such policies and procedures to be developed? Noting that the regulations provide that a citizen whose rights are restricted is entitled to a copy of those policies and procedures, will the Minister ensure that these are published at the earliest opportunity?

See this speech in context