Catherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

273. To ask the Minister for Public Expenditure and Reform if he will report on the development of legislation for the regulation of data sharing between public bodies and for applicable safeguards and conditions regarding the public services card; and if he will make a statement on the matter. [37884/17]

Róisín Shortall (Dublin North West, Social Democrats)
Link to this: Individually | In context | Oireachtas source

298. To ask the Minister for Public Expenditure and Reform if he will provide an update on the data-sharing and governance Bill; if this Bill is planned to underpin the sharing of PSI information; and if he will make a statement on the matter. [39004/17]

Róisín Shortall (Dublin North West, Social Democrats)
Link to this: Individually | In context | Oireachtas source

299. To ask the Minister for Public Expenditure and Reform further to the proposed data-sharing and governance Bill, the information it is envisioned this Bill will allow An Garda Síochána to request; and if he will make a statement on the matter. [39005/17]

Róisín Shortall (Dublin North West, Social Democrats)
Link to this: Individually | In context | Oireachtas source

300. To ask the Minister for Public Expenditure and Reform if an assurance can be given in respect of the security and confidentially of the data held on the public services card and other personal information shared and accessed by Government Departments and their agencies; the legal sanctions which apply to breaches or misuse of this data; and if he will make a statement on the matter. [39009/17]

Paschal Donohoe (Dublin Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 273 and 298 to 300, inclusive, together.

On 7th July 2015, the Government approved the drafting of the Data-Sharing and Governance Bill.  The Government’s objective in bringing forward the General Scheme was to promote data sharing between public bodies for legitimate and clearly specified purposes and to improve transparency for individual rights by setting new governance standards for sharing of data between public bodies. 

The Bill aims to facilitate an “ask-once, use-many” times principle, that is, a person will only be asked for their information once, but the information can be shared within the public service for the provision of other services. The intention is to significantly reduce the administrative burden on citizens and businesses and allow them to avail of higher-quality, more efficient and seamless public services. Data sharing will help Ireland align very closely with EU eGovernment and Digital Single Market developments as well as complementing national eGovernment initiatives such as the transformation of our “back office” processes and the development of a Digital Services Gateway.

The Bill takes account of and will help compliance with data protection law and the General Data Protection Regulation which takes effect in May 2018 in that data subject rights under data protection law must be complied with in the sharing of data in terms of consent, proportionality, transparency etc. Significant governance and transparency measures are proposed, including a clear definition of data sharing and the purposes for which data may be shared, governance arrangements which public bodies must comply with before disclosure of information to another public body, and obligations to enter into Data Sharing Agreements and for the publication of such Agreements, and the laying of them before the Houses of the Oireachtas. My colleague Minister O'Donovan proposes to bring proposals to Government shortly to further strengthen the governance and transparency arrangements in the Bill with a view to,inter alia, making it easier for citizens to know who holds their data and how it is being used.

The Bill concluded pre-legislative scrutiny in the Houses of the Oireachtas in May 2017. My officials are currently considering the report in the context of the drafting of the Bill and are working closely with the Office of the Attorney General. The drafting of the Bill has been substantially progressed since the publication of the General Scheme and I expect the Bill will be published in the Autumn.

Regarding the Public Services Card, the personal data processed as part of the registration and issuance of the card by the Department of Employment Affairs and Social Protection is legislated for in the Social Welfare Consolidation Act 2005, as amended. The personal data processed in relation to the card form the basic data that can be used to identify an individual, such as name, date of birth, personal public service number, gender, address and information of any other type is not processed in this context.

The sharing of the data held on the card is also legislated for in the above Act, permitting the Minister for Employment Affairs and Social Protection to share this basic personal data for the purposes of authenticating an individual’s identity. The Minister may only share such data for this purpose with bodies that are specifically listed within Schedule 5 of the above Act.  Furthermore, the body receiving such data must also have a legal basis for the processing of the data in its own right as per the data protection Acts.  Lastly, the data collected and processed as part of the Public Services Card registration and issuance process is controlled by the Department of Employment Affairs and Social Protection, and as such has and adheres to the responsibilities of a Data Controller as set out in the Data Protection Acts.

As regards sharing of other personal data, under the existing legal framework, data-sharing provisions are included in specific Acts, based on the requirements of a particular Department or body. This legislation and data protection legislation must be complied with to allow such data sharing to occur. 

Sanctions for misuse of data will depend on the particular circumstances but can be applied at organisational level or within Departments at personal level as appropriate. 

Finally, Deputy Shortall asked what information is envisioned that An Garda Síochána might request under this Bill. The Deputy may be concerned about data processing for the purpose of prevention, detection, investigation and prosecution of crime. I wish to assure the Deputy that no specific provisions are provided in the Bill relating to information that An Garda Síochána might request. The forthcoming Data Protection Bill will transpose Directive (EU) 2016/680 of 27 April 2016 on the protection of individuals with regard to the processing of personal data by competent authorities, including the Gardaí, for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties into national law. That Bill will,inter alia, regulate the sharing of personal data between competent authorities for those purposes.