Seanad debates

Monday, 11 July 2022

Online Safety and Media Regulation Bill 2022: Report Stage

 

10:00 am

Photo of Alice-Mary HigginsAlice-Mary Higgins (Independent) | Oireachtas source

Amendment No. 63 relates to the transferring of data to other bodies. It tries to underscore and specifically reference the necessity and proportionality requirement, which is a key principle of the general data protection regulation, GDPR. The GDPR is referenced elsewhere, but with this amendment I am trying to underscore that in the context of the transfer of data to other bodies. Again, I have some general concerns regarding the transfer of data between bodies. The data retention and transfer legislation may not be as robust as it could be. As a result, this is something I am trying to pick up on.

I acknowledge amendment No. 64, which reflects a principle I discussed with the Minister and her officials, namely, the concern that where a person has given personal data to the commission, the commission would make sure that the person was aware of the disclosure. There are two issues involved here. One relates to the safeguards of necessity and proportionality in the transfer of a person's data. The other relates to the fact that a person, having given his or her data to the commission, may not have the expectation that it would be passed to another body so even if his or her consent is not required for that, he or she should at least be informed that this data has been passed to a relevant body. I appreciate that while my first principle was not taken on board, the second has been taken on board by the Government in amendment No. 64.

I welcome amendment No. 68. I would have liked if there had been a hard requirement for a data protection impact assessment. I proposed that on Committee Stage. Amendment No. 68 goes halfway in that direction by giving the Minister discretion to consider whether it is necessary to carry out an assessment of the regulations. Under this proposal, the Minister may carry out a data impact assessment. I believe that it is necessary and that it would be better if we had it as a standard requirement in the Bill. However, I acknowledge that at least the issue of an data protection impact assessment has been strengthened somewhat. However, I still believe that it should be formally set out rather being discretionary to any degree.

Comments

No comments

Log in or join to post a public comment.