Alice-Mary Higgins (Independent) | Oireachtas source

I move amendment No. 9:

In page 10, to delete lines 34 to 38, and in page 11, to delete lines 1 to 30 and substitute the following:"9. (1) In this Act, "public body" means—

(a) a company (within the meaning of the Act of 2014 or a former enactment relating to companies within the meaning of section 5 of that Act) a majority of the shares in which are held by or on behalf of a Minister of the Government,

(b) a subsidiary (within the meaning of section 7 of the Act of 2014) of a company referred to in paragraph (a).".

We discussed this amendment briefly. There are entirely different definitions of public body in the Data Protection Act and the Bill before us. The definition of public body in the Bill includes some elements of the definition in the Act and some elements of what are described in the Act as "public authorities". A potential tension arises because certain entities, including An Garda Síochána and a number of other bodies, are described as public authorities in the Act but as public bodies in the Bill. That conflict is a concern.

It is not simply the case that a public authority and public body have equivalent meanings because the Data Protection Act includes separate definitions of "public body" and "public authority". The definition of the former in the Bill takes a little from column A and a little from column B, which creates confusion. We will have circumstances in which a concern or ambiguity will arise about whether an entity, such as An Garda Síochána, is considered a public body or a public authority. As we can imagine, the Data Protection Act and this Bill will closely interact and are naturally linked because they substantially overlap. I expect many cases will arise in which both are invoked, yet they have different definitions.

I will not press the amendment, which is an attempt to alert the Minister of State to this issue. Amendment No. 9 would take the definition of a public body from the Data Protection Act and make it the definition in the Bill. I recognise that certain groups and entities the Minister of State wants to absorb into the Bill will not be captured by the amendment, but this is one way of making the Bill and the Act compatible. I am open to other proposals the Minister of State or Department may have on how to make them compatible.

It creates an inappropriate legal ambiguity when the House passes legislation featuring certain definitions and a few months later it is proposed that we pass legislation featuring a completely different definition which clashes with the original definition in the same area. I am open to proposals from the Minister of State on how to resolve this issue and I hope he will put forward Government amendments to address it. Amendment No. 9 is one way of addressing it, albeit one which I recognise is quite blunt as it proposes to take the public body definition from the Data Protection Act and put it into the Bill. If the Minister has other suggestions I am very open to them.

The Minister said that the definition of public body is very wide. We should bear in mind that these bodies may share data with each other. As the Minister said, subsection (q) refers to any other body which a Minister decides to make into a public body. Any body, public entity or company could become a public body. We need to have firewalls in that respect. In cases where the Minister designates as a public body under this section a body whose activities and functions do not relate to the delivery of services to the public under an agreement with the public body, the Minister should publish regulations on suitable and specific safeguards to protect against inappropriate access or data shared under the Act within the body. For example, if a company which is under contract to the State to deliver one kind of service and, on that basis, is given access to a data set for that purpose, we need to ensure suitable safeguards are in place if a commercial section exists within the same organisation. If an entity has other clients besides the State, there must be clear safeguarding of data shared by any public body with this entity, that is, the public body for the purposes of the Bill, which may be involved in commercial, State and public activities that may serve public and private purposes.

I am not attempting to be prescriptive and I will leave space and discretion to the Minister of State to set out the regulations. I have used the same wording we used for the Minister for Justice and Equality in regard to the general data protection regulation, namely, "suitable and specific safeguards". I expect everybody will agree there should be some safeguards in place. If we are to allow data to be shared by a Department with other fully public entities or partly public and private entities, rules will be required on how we protect such data.