Dáil debates
Thursday, 10 July 2025
Data Protection Act 2018 (Section 60(4)) Regulations 2025: Motion
7:05 am
Jim O'Callaghan (Dublin Bay South, Fianna Fail)
I thank Deputies Carthy and Gannon for their contributions. Deputy Carthy was correct in stating that these regulations are not seeking in any way to restrict the rights of a data subject. In fact, they are seeking to add protection to the rights of a data subject by ensuring that the three agencies that are the subject matter of the regulations act only where necessary and in a proportionate way when they are seeking to restrict access.
I welcome the fact that both Deputies are supportive of the new regulations. Deputy Carthy also wondered why it was not fully transposed when the GDPR was being enacted in the Data Protection Act. I was a member of the justice committee at that stage. It was an enormous task. I am conscious of the task the Deputy faces, as Cathaoirleach of the current justice committee, with the International Protection Bill. There was a similar task when the GDPR came before that committee for the purposes of pre-legislative scrutiny and Committee Stage. In fairness, understanding human frailty, things can be missed. I do not think it was a deliberate miss or anything like that.
To answer the Deputy's question, I am confident that the regulations address the issue of the legal blanket exemption. The regulations are proportionate and necessary. I do not believe I will be back again seeking to add further regulations in that regard.
The Deputy also asked what is the timeframe for the two statutory bodies and the one constitutional body to have these policies in place. I can tell him that at present, they all have policies in place and available. They will obviously need to be updated. I understand and hope they will be published next term or in the autumn. That is my expectation.
Deputy Gannon said we should have public oversight, and I agree entirely. That is what we are doing here today. The legislation states that I, as Minister, can make regulations but they will only be approved if the Houses of the Oireachtas approve them. That is a very good provision. I cannot just introduce the regulations, sign them in and have them become law. I need to come back to the Houses for the approval of the elected representatives of the Irish people. That is how we are having public oversight.
I agree with the Deputy that we should scrutinise legislation. We have good democratic oversight of legislation in this country. I sometimes contrast the position of an Irish Minister with the people who are in power in other countries. We are subject to committee hearings, frequently answer questions in the Dáil and Seanad and expose ourselves to the media in respect of the legislation. We have a thorough process for checking draft legislation before it is enacted. I support that thorough process. That is the way we should do it. The last thing we want is a situation whereby laws can be made relatively easily.
The Deputy also asked questions about the process in respect of anyone who wishes to pursue these regulations or make a complaint. When it comes to any data complaint, we have the Data Protection Commission, the Information Commissioner and the courts. Anyone who is dissatisfied with the operation of the regulations for which I am seeking approval can lodge a complaint under Article 77 of the GDPR and it will be dealt with in the ordinary course. A statutory mechanism is in place to ensure that anyone who believes his or her data rights have been unfairly appraised and determined can avail of the provisions within the GDPR and the Data Protection Act to ensure they are vindicated.
No comments