Ivana Bacik (Dublin Bay South, Labour)

The recent RTÉ “Prime Time" programme into the purchase of mobile phone location data was shocking. For very little money, and with very little effort, journalists were able to buy data which tracked the journeys of smartphone users across Ireland, based in different locations. They even tracked naval vessels, people in Irish prisons and they tracked phones here in Leinster House. Using this data, as we know, they were able to trace the residential addresses of political representatives. The Minister and Deputy Barry Ward were featured in the programme.

It was particularly chilling - and the findings were chilling - given the recent reports of very serious online abuse and threats of violence against the Tánaiste, Simon Harris and his family. I want again to condemn absolutely outright those threats. Threats against public representatives and their families represent a threat to democracy. They undermine our political system and they deter people from entering politics.

This is a very serious issue but it is not new. It affects the civil liberties of all our citizens and not just those in public life. As long ago as 2020, the Irish Council for Civil Liberties, ICCL, undertook a similar exercise to RTÉ’s “Prime Time” team. It purchased data, identifying 200 Irish people who had been tagged as survivors of abuse but despite handing those findings to the Minister's predecessor and the Data Protection Commission, no action was taken at the time to protect the privacy of individuals.

Following the recent “Prime Time” programme just last month, the Data Protection Commission, DPC, has pledged to look into this matter at last but it seems that the best response the Government could give was a watery commitment to looking at the possibility of vague new laws. Frankly that is not good enough nor is it appropriate.

As I made clear, the GDPR already contain the safeguards necessary to enable the DPC to take the action that is needed to prevent the sale of data where no meaningful or informed consent has been given as it could not be given when we see this absolutely brazen use of data in this way. As the Minister knows, the DPC has the statutory powers it needs to protect the privacy of smartphone users in this country and we know this but, to date, it has not taken necessary action to protect people whose smartphone data is up for sale right now. It is welcome that the DPC has announced it will commence investigations with a view to taking enforcement proceedings against two of the companies featured in the “Prime Time" programme but the question remains: why did the DPC not use its existing statutory powers sooner to protect people’s privacy? Why has the Government taken such a hands-off approach to this?

I raised this in this Chamber two weeks ago in advance of the “Prime Time” programme. The Tánaiste offered me only a holding response and nothing of substance and the Government did not put up a spokesperson on the “Prime Time” programme that evening.

What is the Minister doing to protect the privacy rights of our communities and, because we are an EU tech hub, what is he doing to protect privacy across the EU? Let us be clear: this poses not only a risk to individuals but also to our national cybersecurity. We know that Ireland lacks an adequate overarching strategy to guard against cyber attack. We saw that with the HSE ransomware attack recently.

See this speech in context