John Brady (Wicklow, Sinn Fein)
Link to this: Individually | In context | Oireachtas source

65. To ask the Minister for Foreign Affairs and Trade the details of the Governments' response to concerns within the European Union in relation to the mass storage of data on European Union citizens; and if he will make a statement on the matter. [3886/22]

Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

Issues relating to retention of European citizens data are primarily for the Minister for Justice.

The GDPR entered into force in 2018 and provides for higher standards of data protection for individuals and imposes more detailed obligations on bodies in the public and private sectors that process personal data. The GDPR also increases the range of possible sanctions for infringements of these standards and obligations. The accompanying Law Enforcement Directive (the Directive) was transposed into national law at the same time as the GDPR. The Directive establishes data protection standards for the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection and prosecution of criminal offences and the execution of criminal penalties.

The transfer of personal data from the EU to third countries is carried out under a number of transfer mechanisms set out in Chapter V of the General Data Protection Regulation (GDPR). The default transfer mechanism is known as an ‘adequacy decision’, this is an implementing decision by the Commission which guarantees that the third country in question provides an equivalent level of protection of personal data as exists in the EU. Once a third country has been assessed by the Commission as providing an equivalent level of protection, transfers of EU citizen’s data can take place between the EU and the selected third country under that adequacy decision, without limitation or additional safeguards.

A new arrangement with the EU-US in regard to safe transfers of data is an outcome we want to see achieved. This is critical for business certainty but also for the successful operation of the GDPR. The Government respects the judgment of the European Court and in regards to the Schrems II case is fully supportive of the need to protect citizens’ data through enforceable safeguards and for proper redress mechanisms.

Any future adequacy decision must work for both the EU and US in facilitating data transfers. It must also critically be able to pass any future scrutiny of the European Court of Justice. It will have to ensure that EU data subjects’ rights are thoroughly protected and are enforceable with proper redress mechanisms. We encourage the US administration and stakeholders to work positively with the European Commission in reaching a lasting and durable outcome to facilitate data transfers between the EU and US.

The EU – UK adequacy decisions (GDPR and LED) are an important element of the new relationship between the United Kingdom and the European Union enshrined in the EU-UK Trade and Cooperation Agreement (TCA).