Sir, – As organisations, academics and legal practitioners working for the advancement of data protection in Ireland, we have grave concerns about the Data Sharing and Governance Bill 2018.
Currently at the report stage in Seanad Éireann, the Bill is aimed at regulating the sharing of personal information between public bodies for processing. However, the Bill fails to implement transparency and consent requirements mandated under the EU general data protection regulation (GDPR) and legal precedent at the Court of Justice of the European Union. People must be clearly informed about – and clearly consent to – having their personal information collected and transferred from one public administrative body to another for processing.
Further, it is insufficient to merely acknowledge the GDPR standard of necessity and proportionality as a guiding principle directing this Bill. We agree with points made in the debates that this standard must be built in at all relevant stages as part of the operative tests within the Bill.
We also support Senator Alice-Mary Higgins’s point about the “once only” principle for data sharing. There are situations where it may not be necessary or proportionate to automatically share personal information. Instead, an individual might choose to provide their personal information directly, having been presented with alternatives for consideration.
We thank the Department of Public Expenditure and Reform for acknowledging through this Bill the importance of protecting our personal data and information. We now call on members of the Seanad to ensure that these principles are fully reflected in the Bill. – Yours, etc,
ELIZABETH FARRIES,
Information Rights
Project Manager,
Irish Council
for Civil Liberties;
SIMON McGARR,
Director,
Data Compliance Europe;
Dr MARIA HELEN
MURPHY,
Lecturer in Law,
Maynooth University;
DARAGH O’BRIEN,
Managing Director,
Castlebridge;
ANTOIN Ó LACHTNAIN,
Director,
Digital Rights Ireland.