Nicole Ryan (Sinn Fein)

I welcome the Minister of State back to the House. I rise to speak on the motion concerning the draft regulations under section 60(4) of the Data Protection Act 2018. Sinn Féin will be supporting these regulations, but it is important that we are honest about why they are being introduced and what they represent. These regulations are being brought forward not because of a sudden commitment by Government to strengthen the data rights of our citizens but because the European Commission raised concerns about the compatibility of our legislation with GDPR. Specifically, the Commission was concerned that section 60(3) of the Act would be interpreted as giving the State a blanket exemption that would allow the Government bodies to bypass core data rights without having to assess the necessity or proportionality of these restrictions.

What rights were potentially on the chopping block? They were the right to be informed, the right access one’s own data, the right to rectification and the right to erasure. These are not fringe rights. They are fundamental protections under Articles 12 to 24, inclusive, and 34 of the GDPR, rights that protect our privacy, dignity and autonomy in the digital age. A blanket exemption would be a direct breach of Article 23 of the GDPR.

The regulations we are debating today apply to three public bodies, as the Minister of State mentioned: the Data Protection Commission, the Office of the Information Commissioner, and the Comptroller and Auditor General. Each set of the regulations is near identical and imposes basic but important obligations, which are mainly that data subjects are informed when their rights are being restricted, that any restrictions imposed must be time-limited and proportionate, and that the relevant offices publish their policies and procedures related to these restrictions.These are welcome additions, but, quite frankly, they are the bare minimum in terms of what we should be expected to do in a functioning democracy. Transparency, accountability and respect for rights are not optional; they are foundational. From a Sinn Féin perspective, we believe in a rights-based approach to governance and that includes data rights.

The Government's initial approach, which, in effect, enabled State bodies to exempt themselves from GDPR protections, is quite concerning. While today's regulations mark a step in the right direction, the truth is that it should not take pressure from Brussels for Ireland to do the right thing. We should lead by example when it comes to data protection, especially in a world where digital surveillance, data profiling and algorithmic discrimination are growing threats. We have been reactive instead of proactive.

While we support the motions, we continue to scrutinise how the State handles personal data because no Government, regardless of who is in power, should be allowed to write itself a blank cheque to interfere with people's fundamental rights. The message has to be clear. Data protection is not a bureaucratic box-ticking exercise. It is about power and how that power is used, checked and held to account.