Michael Moynihan (Cork North West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

1. To ask the Taoiseach if he is satisfied that the data protection measures in place in his Department are robust. [17677/18]

Brendan Howlin (Wexford, Labour)
Link to this: Individually | In context | Oireachtas source

2. To ask the Taoiseach if he will report on the work of the data protection unit in his Department; and the work under way on the general data protection regulation. [18780/18]

Michael Moynihan (Cork North West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

3. To ask the Taoiseach if his Department is prepared for the introduction of the general data protection regulation on 25 May 2018. [18797/18]

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 1 to 3, inclusive, together.

I am satisfied that the data protection measures in place in my Department are robust. There are secure policies and procedures in place for paper files and electronic data. All information and communication technology, ICT, systems operated within my Department are securely managed. Access to the systems is controlled through a variety of security measures, including industry-leading technologies which are regularly updated. My Department’s electronic records and files are held on a secure internal network. The network is connected to the Internet through the Government networks service, which is a private, managed, wide-area network connecting public service bodies on a data, voice and video-capable network.

The general data protection regulation, GDPR, comes into force on 25 May. The Department of Justice and Equality is responsible for transposing into Irish law those parts of the regulation for which member states have competence. The enacting legislation in Ireland, the Data Protection Bill, is starting Committee Stage in this House today. It is the Government’s intention to have the Bill enacted ahead of the 25 May deadline and I ask for support from all sides of the Oireachtas to ensure we meet that target.

An important priority for the Government has been to ensure that Irish organisations are ready for the GDPR when it comes into force. In addition to the awareness campaign of the Office of the Data Protection Commissioner, the Minister of State with responsibility for data protection, Deputy Pat Breen, has been involved in a range of activities to promote awareness and regularly meets business groups and representative bodies to ensure everyone is aware of their privacy rights and obligations under GDPR. This work will continue after 25 May.

As regards my Department's preparations for GDPR, a data protection officer has been appointed and has been meeting the various divisions in the Department, which are reviewing what personal data they receive, how they manage it and any scope for improvement.

A number of staff, including the DPO, have already attended training sessions on the GDPR and further training will be provided.

Separate from the data protection officer, the data protection unit, DPU, which is within the economic division of my Department supports the Minister of State with responsibility for data protection and contributes to a whole-of-government approach to the challenges arising from the increasing digitisation of modern life in association with significant increases in the amount of personal data generated. The data protection unit also acts as the secretariat to the interdepartmental committee on data issues which was established in 2015 to bring a whole-of-government perspective to data issues.

While compliance with the GDPR is a matter for each individual organisation, the committee has helped to raise awareness of the GDPR across the public service and received regular briefings from the Department of Justice and Equality on the legislation.

Pat Gallagher (Donegal, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I call Deputy Micheál Martin instead of Deputy Michael Moynihan.

Micheál Martin (Cork South Central, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The GDPR will ensure a harmonised system of data protection rules that will work across the European Union. My understanding is the Bill will be before the committee tomorrow and I hope it will pass all Stages by 25 May. It is unfortunate that we are so late in the day, given the fact that companies and others are preparing for the introduction of the legislation.

We welcome the strengthening of protection for citizens. Such protection of citizens' privacy rights is more important now than ever, particularly given the presence of such global technology giants as Google, Facebook, LinkedIn and many others.

On the information published on Facebook scraping, impacting on more than 50 million members of the public, belatedly, policies are being introduced by companies to seek the user's permission to use his or her data for other companies. The case with Atlantico also involved an appalling abuse of personal data. RTÉ had to issue a statement yesterday on a fake report on Facebook mimicking RTÉ. There are serious issues and the Bill will help to deal with some of them, although I point out that some public representatives are concerned that the impact of the Bill on their unique role in interacting with citizens might render it impossible. The Minister should look at that aspect before the Bill is completed.

I also raise the issue of the digital age of consent. This is more about companies using the data of young people for their own purposes in marketing and so on. There is a very strong case for reviewing it and allowing the digital age of consent move to 16 years if, for nothing else, to create pressure on companies to carry out their duties and responsibilities to children and young people.

The area of privacy and data protection has come to light in the context of the Independent News & Media, INM, story in terms of the breach of data protection that is the subject of an affidavit in the High Court but also an investigation by the data protection officer. I am conscious that the Chief Justice, Mr. Justice Murray, produced a significant report on the protection of sources, including journalistic sources. He produced a more broad based report on the digital age of consent and protecting privacy all round from the State and recommened that such protections apply in the private sector also. It is essential that, as a country, we move fairly quickly on these matters.

Brendan Howlin (Wexford, Labour)
Link to this: Individually | In context | Oireachtas source

I too want to ask about the current position of the Government on the digital age of consent now that Fianna Fáil and Sinn Féin support the Labour Party position that the digital age of consent be 16 years and are committed to moving amendments in that regard. Will the Government give further consideration to the appropriate digital age of consent because the protection of young people is more frequently in the minds of all citizens when we see to what young people are being required to sign up? Children younger than 16 years should be protected from this.

The Taoiseach told the Dáil that the Government was considering legislation to protect journalists' sources following the alleged data breach at INM. He may recall that on Tuesday he said it was time for the Government to dust down reports on the issue. Has that dusting down been completed and is there a commitment to legislate in this area? We all agree that the protection of journalistic sources and a free press from interference is an important bulwark of our democracy. It is a concern for all of us that there would be a doubt about who might access journalists' sources and certainly the activities of a free press. Last week I looked at the ranking of Ireland in terms of journalistic freedom and it is reasonably high. We have to make sure we maintain and improve that status by having protections for journalists.

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Deputy Micheál Martin mentioned the unique role of Oireachtas Members in serving their constituents. I echo what he said. I know that it is a concern, certainly among members of my parliamentary party and the Cabinet, that we should not bring forward data protection laws that would restrict Deputies and Senators in doing the work they have been doing for years and decades in serving their constituents. When this issue was discussed by the Cabinet, as part of its decision, the Minister for Justice and Equality and the Attorney General were mandated to examine the unique role of the Oireachtas Member to see if any exemption or exception might be appropriate when it came to communications between Oireachtas Members and their constituents or about Oireachtas Members and their constituents. At the same time, however, we need to be mindful of the fact that, as legislators, we probably should not impose laws on others that we are not willing to impose on ourselves. That is something we have to bear in mind, but it is part of the ongoing considerations.

On the Murray report and protecting journalists' sources, I did dust it down and look at it. It is still under consideration as to whether we can legislate to protect journalists' sources. We have identified three complications and certainly would welcome the advice of Deputies in other parties on how we might overcome them. The first is the definition of a "journalist". Journalism is an unregulated profession. We know what a doctor is because to protect the title one is registered with the Medical Council. We know what a nurse is because it is a protected title and one is registered with the Nursing and Midwifery Board. We know that also to be the case for physiotherapists and teachers. A huge number of professions are regulated. One cannot just call oneself a teacher or an architect. They are regulated professions. One must register with a professional body and uphold a certain code of conduct and there is a mechanism by which one could be struck off the register. Journalism is not in that space. It is an unregulated profession. I know that there is a press council, but journalists are not regulated in the way other professions are. One does not have to register; one cannot be struck off and there is no fitness to practise body, which creates a complication. It is difficult in law, therefore, to define what a journalist is. Particularly in the current era when there is a huge amount of social media, there is the emergence of the citizen journalist who is somebody who may have another job, be self-employed or have a business but who may also be a journalist on occasion, perhaps for an hour a day or whenever he or she likes to be a journalist. We would need some way to define what a journalist is before we could protect their sources. That is a complicated task when it is not a regulated profession in the way other professions are regulated. It is not a protected title in the way other titles are protected.

There is a second reason we would not protect sources for other people. As politicians, we are often given confidential information by people. I am sure people in other walks of life are also given confidential information. Would we apply it more widely? I imagine some of it is covered by Dáil privilege, but it may not all be covered. There may be other professions for which we could also consider this. We would also have to consider exceptions. For example, there is legal privilege whereby lawyers have protections. Doctors, for example, are protected by doctor-patient confidentiality, but in no cases are these protections absolute.

If the High Court orders a doctor to breach patient confidentiality, he or she must do so. There are certain conditions under which doctors are expected to breach doctor-patient confidentiality, for example, if a patient poses a danger to other people. Again, we would have to consider under what exceptions journalists could be required to give up their sources. Would it be following a ruling of the High Court, for example? All those things have to be thought through. I have not thought them through yet or determined the right answers and certainly we would welcome the advice and views of other parties in that regard.

The Government made a decision last year to accept 13 as the age of digital consent, based on recommendations made by organisations and individuals that work with children who are best able to advise us on the balance of autonomy versus safety. Advice was sought from the Children's Rights Alliance, the Ombudsman for Children as well as Dr. Geoffrey Shannon, the special rapporteur for children. They all recommended that we opt for 13 rather than 16. I understand that some parties have reconsidered and changed their position of late. Of course, people are entitled to do that. I will not criticise anyone for changing his or her view because we all do that on occasion, as facts and contexts change. I assume that this will go to a vote at some point over the next period.