Alice-Mary Higgins (Independent) | Oireachtas source

I wish to speak briefly to this section to signal it is one of the key sections under which some of the issues we have discussed could be addressed. It deals with the designation of data protection officers. I signal that I will focus on this section on Report Stage as one of the key areas where the Minister will perhaps have the capacity to set out particular rules around the roles of different categories of data protection officers in terms of different categories of Internet actors.

I note, in particular, that section 3 gives the Minister scope to have regard to a large number of issues but only to have such regard almost at the moment of appointment. There might be scope for him to have regard to some of those issues in respect of processes as well. There is provision for data protection officers to widen the scope of organisations wherein a data protection officer may be required. The Minister might be able to indicate if he believes there is scope for a data protection officer to be shared between a number of small organisations.

For example, I refer to the small and medium-sized enterprise sector or the voluntary sector, organisations such as the Wheel and groups like that. We may want there to be data protection officers in as many organisations as possible. However, I am conscious that if I seek to expand the application or requirement for a data protection officer, it may place pressure on some small companies or organisations. I am happy to work with the Minister around that.

Is it possible for a data protection officer to be shared between a number of companies or entities, or perhaps provided by a central body? There may be later amendments relating to the duties of data protection officers. At the time of their appointment, the Minister has a particular power and he may be able to ask for transparency in certain areas. I am not sure if this would come under section 30 or another section, or perhaps a new section but I suggest some timelines should be put in place for the response of data protection officers to concerns that are raised with them, and perhaps also for the automatic triggering of investigation by the Data Protection Commissioner when a large number of individual complaints have been made to a data protection officer. Perhaps we can have transparency around the operation of the data protection officer. I know we will come to deal with those issues later but I am opening up the discussion on them for Report Stage.