Kathleen Lynch (Cork North Central, Labour) | Oireachtas source

That is the entire group. They are more than welcome. I am very fond of any organisation that organises women.

I am standing in for my colleague the Minister for Justice and Equality who is unavailable at present. The reply is fairly lengthy, as one would expect from the Department of Justice and Equality.

I thank Senator Clune for raising this important issue. It is important to all of us that our personal data, including personal data on our smartphones, are safe and secure and that we do not feel that the use of apps will lead to misuse of our data, including misuse for purposes we might never have envisaged when we decided to use a particular app.

Communication networks and information systems have become an essential component of both our economic systems and social life. All of us here today have witnessed an information technology revolution in our lifetimes and the pace of change shows no sign of slackening. The development of smartphone technology and the widespread use of such phones is a good illustration of this phenomenon.

Specific safeguards for the protection of personal data are in place at European Union level. I take this opportunity to briefly set out the background. The centrepiece of existing EU legislation on personal data protection is Directive 95/46/EC which seeks to reconcile the protection of personal data with the free flow of such data within the Internal Market and to countries outside the EU. It has been transposed into Irish law in the Data Protection (Amendment) Act 2003 which supplements the Data Protection Act 1988.

This legislation requires all those handling personal data to take appropriate security measures against unauthorised access to, or unauthorised alteration or disclosure of, the data, in particular where processing operations involve the transmission of such data over a network. In determining what is appropriate in any particular case, account must be taken of the risk of harm that might result from security breaches and the state of technological development and costs of implementation. These security measures also apply where data are transferred to a destination outside the European Union.

The Data Protection Commissioner, who is independent in the performance of his duties, deals with complaints about companies and organisations established in this jurisdiction where there are allegations that they may not be meeting these security requirements. The commissioner has extensive investigative and enforcement powers, including the power to take summary proceedings for offences under the Act. The commissioner also carries out audits of organisations, which include an assessment of data security systems.

The 1995 directive has been supplemented by other more specific legislative measures, such as the e-privacy directive which applies to providers of publicly available electronic communications services, namely, telecom providers and ISPs. This directive requires such companies to take appropriate measures to safeguard security of their services and to protect the confidentiality of communications and related traffic data.

It is generally recognised that the 1995 data protection directive's standards need to be updated to take account of more recent developments such as increased usage of mobile phones, cloud computing, social networking and increasing globalisation of data transfers. In January 2012, the European Commission tabled proposals for a reform of the current data protection framework and these proposals are currently being discussed at EU level, as the Senator mentioned. The proposed regulation's enhanced data protection standards will, when agreed, apply directly in all member states without the need for transposing national legislation.

In addition to the responsibilities of those who develop and supply apps to incorporate appropriate security measures to secure data transmitted between the app and end-user, many basic steps are available to those who choose to download and use apps, including limiting the amount of data stored on the smartphone to which apps are given automatic access. Users should be also vigilant in terms of the security of the Wi-Fi networks to which they connect.

We cannot ignore the important fact that there is a recognised need to protect our citizens from terrorist threats and dealing with this requires access to certain data. However, in doing so it is necessary to ensure that the information is lawfully obtained and subject to appropriate safeguards. Any security surveillance undertaken must be balanced and appropriate. Moreover, it must take account of individual rights to privacy and ensure the respect for human rights contained in the European Convention on Human rights. For these reasons we have in place statutory provisions with judicial oversight governing police surveillance and access to these data.