Information

12 May 2017: Irish Government publishes the General Scheme of the Data Protection Bill 2017

The General Scheme is available here [enjoy all 171 pages of it!]

The EU General Data Protection Regulation and the Data Protection Directive for law enforcement bodies, which update EU data protection rules, were adopted last year and will come into force in Ireland in May 2018.

“Data protection affects all of us, whether in our private capacity as an individual or in our business or professional capacity.” The Tánaiste and Minister for Justice and Equality, Frances Fitzgerald TD

"Ahead of the May 2018 deadline, awareness-raising activities in Ireland and across the EU targeted at business and the voluntary sector are now beginning to intensify to help them to get ready." Minister of State for Data Protection, Dara Murphy TD

When the Data Protection Bill becomes law in May 2018, among other things it will in Ireland:

bring into force new data protection rules.
represent one of the most important regulatory reforms that has taken place in recent years.
ensure a uniform level of data protection across the EU and a level playing field for those doing business in the single digital market.
result in higher data protection standards for individuals.
impose higher data protection obligations on business.
result in benefits by increasing consumer trust and confidence in new technologies and business models
facilitate business to reap the full potential of the digital economy.
advance core EU concepts explicitly recognised in the EU Charter of Fundamental Rights of (i) the right that we all have to the safeguarding of our personal information and its use and (ii) ensure the protection of our personal privacy.
ensure that the rules will not apply to all organisations, public or private, large or small but will also encourage a cultural shift in how personal data is treated.
equip the supervisory authority, the Office of the Data Protection Commissioner, to supervise and enforce application of the new law.
protect individuals and will provide certainty for business and the public sector.
provide for a risk-based approach which means:

that individual data controllers and processors are required to put appropriate technical and organisational measures in place in order to ensure and be able to demonstrate that the processing of personal data is in compliance with the Regulation
taking into account the nature, scope, context and purposes of the processing and the risks of varying likelihood and severity for the rights and freedoms of individuals.
placing more emphasis on accountability and security of personal data, including more emphasis on transparency.

The General Scheme is available here

2 May 2017: BREXIT
The Irish Government has published its strategy for the negotiations between the EU and the UK on Britain's exit from the bloc. Data Protection is referenced a number of times within the strategy.

Why is this relevant to Privacy issues in Ireland. Put simply cooperation within the EU and among EU Member States across of range of policy areas and sectors, including with regard to the functioning of the Single Market, financial services, police and justice cooperation and the common foreign and security policy, relies on the secure exchange of information. This is facilitated through the EU’s data protection and control rules. Once the UK leaves the EU, it will not be protected or covered by these rules. A solution will need to be found in the context of any future relationship agreement or agreements to how the UK could meet the EU standards with regard to data protection and control. This is of particular importance for Ireland in the context of co-operation against organised crime and terrorism, and in the maintenance of the sharing of information which is an essential aspect of the Common Travel Area.

01 May 2017: General Data Protection Regulation (GDPR)
Click here to access the GDPR direct from the European Commission