Malcolm Byrne (Fianna Fail) | Oireachtas source

I thank the Minister of State for coming to the House to speak to this matter. He might recall we discussed it in September 2020, when I raised concerns around the capacity of the office of the Data Protection Commissioner, its resourcing and its powers in being able to deal with some of the challenges it continues to face.

First, I compliment the staff of the Data Protection Commissioner, who have been working under difficult circumstances and faced much criticism. Some of that has been unfair but some of it should also be taken on board. The Minister of State will be aware that there has been criticism from other European jurisdictions and data protection authorities across Europe. I note, however, that Commissioner Reynders is responsible for the data protection area and he recently came to the defence of the Data Protection Commissioner.What is clear is that there are major challenges in the area of data protection. We know that this is just going to continue to grow. A recent survey by McCann FitzGerald and Mazars found that businesses here were increasingly concerned about having to deal with issues of data protection and data privacy. However, William Fry conducted a survey of international businesses recently in which 89% of respondents recognised that the regulatory climate in Ireland would be regarded as good to excellent.

However, there are problems. The Minister of State acknowledged at the time that there were not sufficient staff in the Data Protection Commission. In an interview in the Business Poston 5 December, the commissioner stated that the office is currently unsustainable and unfit for purpose. We have the DPC already saying that the office is not sustainable in its current form. There were commitments by Government which have not been sufficient to meet the scale of the challenge.

Given the importance of data privacy and data protection, particularly following the Schrems II judgment, it is of increasing importance that we take action against companies engaged in data breaches. We must have a properly resourced and, more importantly, properly structured DPC. The time is long overdue. The Oireachtas justice committee recommended the following: that the Government appoint three data protection commissioners, as is provided for in legislation; that there be an independent review of the operation of the DPC to take on board criticisms and address concerns; and that we be in a position to give confidence that Ireland has an excellent data protection regime.

One of the largest fines set down by the DPC was against WhatsApp. Clearly the DPC is taking the issues very seriously. On the other side, however, last year there were nearly 7,000 Irish citizens and individuals who made complaints to the DPC. One of the complaints was about the length of time it is taking for the DPC to deal with some of those complaints. I ask the Minister of State to set out the Government's position with regard to the commission.