Commencement Matter – Seanad Éireann – Statement by Minister of State James Browne
Senator Malcolm Byrne
The need for the Minister for Justice to make a statement on the recent High Court judgement in the Schrems II case and its implication on Ireland’s reputation for overseeing the regulation of European citizens’ data
17 November 2020
*Check against delivery*
Thank you Senator for raising this matter before the House this morning.
From the outset, it is important to note that the Data Protection Commission is independent in the performance of its tasks and the exercise of its powers. The Senator will therefore appreciate that I cannot comment on legal proceedings which the Commission was or is involved in, nor can I comment on the findings of the courts, as they too are independent in the exercise of their duties.
As the Senator is aware, the case referred to arose from a complaint referred to the Data Protection Commission in June 2013 concerning the transfer of personal data to the US under the European Commission’s “Safe Harbour” adequacy decision. In October 2015, the Court struck down Safe Harbour and the original case in the High Court was reformulated to challenge the transfer of EU citizens’ personal data to the US via the use of standard contractual clauses (SCCs). It is a matter of public record that the Data Protection Commission was involved in these proceedings and the Court referred a number of questions to the European Court of Justice.
In its ruling in July, the Court of Justice upheld the use of SCCs to transfer data, but struck down the EU-US Privacy Shield adequacy decision on the basis that the US does not provide adequate, enforceable safeguards and redress mechanisms where EU citizens’ data was forwarded to and processed by US intelligence services by US companies. Concerns about the lack of enforceable protections was also raised in relation to the use of Standard Contractual Clauses to transfer data to the US. More recently, both Facebook and Mr. Schrems have instigated separate judicial review proceedings of the Data Protection Commission in the High Court concerning matters raised in both ECJ judgments, and I will not comment any further.
However, I will reiterate that the Government respects the judgment of the Court, and is fully supportive of the need to protect citizens’ data through enforceable safeguards and for proper redress mechanisms.
The Senator will appreciate that the GDPR provides for high data protection standards, imposes detailed obligations on bodies that process personal data and provides a range of possible sanctions, some very significant, when those standards are breached. It is the GDPR that specifies how bodies are to be regulated and all parties must adhere to those obligations. Enforcement of the GDPR is a matter for the Data Protection Commission, sometimes as the lead authority in the EU under the One-Stop-Shop mechanism, and other independent supervisory authorities across the EU in accordance with the processes set out by the GDPR.
The Government has every confidence in the Data Protection Commission in meeting its responsibilities to enforce and protect the data protection rights of EU citizens to the highest standards as required by the GDPR.