Simon Coveney (Cork South Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

As the Deputy will be aware, the formalisation of data sharing arrangements was introduced by the GDPR and Data Protection Act 2018 and was supplemented by the Data Sharing and Governance Act 2019, with the commencement of final sections of that Act coming into effect on 16th December last year. Schedules of personal or person-specific data are therefore not available for the last 20 years.

My Department and the Offices under its aegis share aggregated and person-specific data sets with Public Sector Bodies, including other Government Departments and in certain cases with State bodies, agencies, and local authorities. We share these data sets to deliver our official functions, to authenticate identity where required to deliver our public services and to assist other Public Sector Bodies in carrying out their statutory functions.

The personal data sets that we share are varied in nature depending on the type of services that are being provided to our customers. Specific details about the data sets that we share and the legal basis for the sharing are set out in our Data Protection Statements which are published on our website. These Notices provide individuals with information on how their personal data is being used and for what purpose, who has access to this data and how the sharing of their data will impact them. Personal data is only shared by my Department, where there is a specified, explicit, and legitimate need for such sharing.

Furthermore, all details relating to our sharing activities are set out in Data Sharing Agreements (DSAs) that we have in place with the bodies with whom we share personal data. These Agreements are detailed documents which set out the data protection rules and roles and responsibilities of the bodies involved in the data sharing activity.

Technical safeguards are also included to protect the personal data that is being disclosed or received and all agreements are reviewed by my Department's Data Officer and Data Protection Officer. Where these Agreements fall under the Data Sharing and Governance Act 2019, all documentation is subject to prior approval by the new Data Governance Board under the Department of Public Expenditure, NDP Delivery and Reform. These Agreements are also subject to a public consultation process prior to final approval by the Board and publication. My Department and its Offices also adhere to all recommendations provided by the Data Protection Commission (DPC) in relation to the processing and sharing of personal data.

Personal data is also shared with law enforcement authorities and Competent Authorities as required by law. This sharing is mandated under the Data Protection Act 2018 and the Law Enforcement Directive (LED). This sharing of personal data is usually person-specific and is required for preventing, detecting, investigation or prosecuting criminal offences or for preventing a threat to national security, defence, or public security. These requests are assessed on receipt and approved by our independently appointed Data Protection Officer (DPO) prior to the processing and release of any personal data sets.

I wish to assure the Deputy that my Department and the Offices under its aegis have an effective governance framework in place to ensure that we meet our obligations under data protection laws, the Law Enforcement Directive and the Data Sharing and Governance Act in respect of our data processing and sharing activities.

Can I also add, that if there is particular information the Deputy would like to receive, my Department will respond with it, if it is available.