Wednesday, 9 November 2022
Data Protection Act 2018: Motion
Ollie Crowe (Fianna Fail) | Oireachtas source
The position of Cathaoirleach is coming up in a few weeks. Perhaps the Acting Chairperson should put his name forward. He was running the House the last evening we were here and he was flying through the business of the House. I commend him on continuing to do that work.
I welcome the Minister of State to the House. He has been here a number of times now. I thank him for his help and support. I welcome the draft regulations. We all recognise the importance of data protection and of ensuring people have the privacy they are entitled to, but we must also ensure that authorities have the capacity to act in the public interest as required. Currently, the CCPC, CEA and IAASA are operating without appropriate restrictions on data access regarding the civil and administrative function. That represents a risk of the work they carry out in the public interest being undermined and it leaves these authorities legally vulnerable to a fine, or potentially damages, even when acting entirely in line with their mandate. These regulations address that risk and, crucially, they do so in a fair and balanced manner.
The regulations propose to restrict the rights and obligations provided for in the Data Protection Act, DPA, where it is necessary and proportionate to safeguard the statutory functions of the CCPC, CEA and IAASA. An example of where it may be necessary is where the rights being exercised may interfere with or obstruct "any official or legal inquiry, investigation or process". It is welcome that there will be no hard precedents as restrictions must be considered on a case-by-case basis following an assessment of the relevant circumstances. In addition to restrictions being considered on a case-by-case basis, there are a number of other safeguards, with the CCPC, CEA and IAASA all being required to have appropriate policies and procedures in place. Furthermore, these authorities are required to notify the data subject and provide reasons for the restriction, unless doing so may prejudice the achievement of a relevant objective. In addition, the data subject must be informed of the right or obligation affected by the restriction, whether the restriction applies in whole or in part, and of the right to lodge a complaint with the Data Protection Commission. It is important to note that the Data Protection Commission was consulted on these regulations and raised no concerns regarding them.
As I said earlier, and as I believe all Members agree, data protection is important and people have the reasonable expectation of privacy. That must be balanced with ensuring these authorities have the capacity to meet their mandate and obligations which is what these regulations are aimed at ensuring. The regulations do so in a balanced and appropriate manner. It should also be noted that similar restrictions are already in place for the Central Bank of Ireland and the Office of the Ombudsman. These regulations are necessary and should be welcomed by all. Go raibh maith agat.