Sinéad Gibney (Dublin Rathdown, Social Democrats)
Link to this: Individually | In context | Oireachtas source

542. To ask the Tánaiste and Minister for Justice and Equality if his attention has been drawn to the firing of three members of the US Privacy and Civil Liberties Oversight Board by the Trump Administration and the resulting lack of quorum on the board; whether he has considered this issue in light of the key role of the board in satisfying the standards necessary to facilitate transfer of private and personal data outside of the EU, as agreed in the 2023 Transatlantic Data Privacy Framework; and if he will make a statement on the matter. [13386/25]

Sinéad Gibney (Dublin Rathdown, Social Democrats)
Link to this: Individually | In context | Oireachtas source

543. To ask the Tánaiste and Minister for Justice and Equality the steps he is taking to ensure Irish data transferred to the US is being adequately protected under GDPR, considering recent changes in the US Privacy and Civil Liberties Oversight Board, and the resulting impact on the EU US Transatlantic Data Privacy Framework; and if he will make a statement on the matter. [13389/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 542 and 543 together.

The European Commission adopted its adequacy decision for the EU-US Data Privacy Framework on 10 July 2023, pursuant to Article 45 of the General Data Protection Regulation (GDPR).

The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU - for personal data transferred from the EU to US companies participating in the EU-US Data Privacy Framework. Once an adequacy decision is in place, participating companies can transfer personal data freely without the need for additional data protection safeguards such as standard contractual clauses.

The EU-US Adequacy Decision is important not only for business certainty, but for the proper protection of EU citizens’ data and the successful operation of the GDPR.

As required under the GDPR, the European Commission continues to monitor developments in respect of these matters. In this regard, Article 45 of the GDPR provides that an adequacy decision can be, to the extent necessary, repealed, amended or suspended where an adequate level of protection is no longer ensured.