Data Protection Bill 2018 – Seanad Second Stage

Charlie Flanagan, T.D, Minister for Justice and Equality launched the Data Protection Bill 2018 in Seanad Eireann on Thursday 8^th February. In his address the Minister stressed how the legislation will strengthen the rules on data protection as people will have more control over their personal data and businesses will benefit from a level playing field.

The Minister stressed the importance of the impending legislation and how it will affect us all one way or another.

“It will affect each of us as individuals, because it will increase our control over the manner in which, and the purposes for which, our own personal data are used. It will affect businesses – whether large, medium or small – because it will require them to review, and update, the manner in which they collect, use or store the personal data of their customers and their clients, or any other individual whose personal data they retain. The same applies to Government Departments and public bodies.”

He said our current data protection law, based on the EU’s 1995 Data Protection Directive, is outdated as it does not account for mass internet usage, hand-held devices, apps and games, social networking, and data analytics, all of which involve the collection and processing of our personal data. He said the current law will remain largely unchanged but emphasised how the GDPR will enhance our control over our own personal data and the purposes for which it may be used.

• He referenced the important correlation between transparency and control, stating all information must be provided in a concise, transparent, intelligible and easily accessible format, using clear and plain language, and that it will no longer be acceptable to direct users to terms and conditions written in legal jargon. 
• Obligations on companies and public sector bodies that collect, use and store personal data are set to increase, but will do so in a measured and proportionate manner, and the compliance burden for some will increase.
• Establishment of the Data Protection Commission will ensure effective supervision and enforcement of high data protection standards. Public and private enforcement of data protection law will increase – the Data Protection Commission will in future have stronger supervision and enforcement powers, as well as a broader range of sanctions at its disposal, including the possibility of administrative fines.
• Limits will be put on the grounds for lawful processing of personal data by public authorities and bodies.
• The liability of controllers and processors will also be broadened to include non-material damage such as distress. In future, an individual who has suffered material or non-material damage because of a breach of his or her data protection rights under the GDPR or this legislation will have the right to seek compensation in the courts.
• Article 8 of the GDPR specifies a ‘digital age of consent’ of 16 years but allows Member states to lower it, but not below 13 years.

The Minister concluded his address by stating, “Article 8 of the EU Charter of Fundamental Rights provides simply that everyone has the right to protection of personal data concerning him or her, the GDPR and this Bill seek to make that a reality.” It is the Government’s intention to have the legislation in place by May.

http://www.justice.ie/en/JELR/Pages/SP18000046