Published on 

Seanad Adjournment Debate, 8 October 2013: The need for the Minister for Justice and Equality to outline what steps he will take to ensure that personal data is afforded a greater level of security on the Internet.- Senator Deirdre Clune

Response by Minister of State Dinny McGinley, TD, on behalf of Alan Shatter, TD, the Minister for Justice, Equality and Defence

[Leas] Cathaoirleach,

I am standing in for my colleague the Minister for Justice and Equality who is unavailable at present. At the outset, I want to thank Senator Clune for raising this important subject. It is a matter of importance to all of us who use the internet, whether for commercial, personal or leisure purposes.

By way of introduction, I should state that general issues of internet security are matters for the Minister for Communications, Energy and Natural Resources and his Department, while data protection policy falls within the area of policy responsibility of the Minister for Justice and Equality.

Communication networks and information systems have become an essential component of both our economic systems and social life. All of us here today have witnessed an information technology revolution in our lifetimes, and the pace of change shows no sign of slackening. Electronic communication systems and networks have become necessary utilities, almost the same as electricity or water supplies.

The security of those networks and information systems is therefore a matter of utmost concern, not only for business but for individual citizens. Security breaches, whether they arise from accidental loss, mistakes or unauthorised access such as hacking, pose a threat for businesses and for individuals alike. They also put at risk the trust and confidence of users of the internet services which are essential to the continued development of the digital economy, and the economic growth and job creation potential of this dynamic sector.

The threats to internet security are continuously changing. The European Union has reacted by establishing the European Union Agency for Network and Information Security (ENISA) to raise awareness of network and information security and to develop and promote a culture of network security in society for the benefit of citizens, consumers, businesses and public sector bodies. It also assists Member States in enhancing and strengthening their capability to prevent, detect and respond to network and information security breaches.

Specific safeguards for the protection of personal data, which also apply in respect of the processing of such data in the internet context, are also in place at European Union level. I would, on behalf of the Minister for Justice and Equality, like to take this opportunity to briefly set out the background.

The centrepiece of existing EU legislation on personal data protection is Directive 95/46/EC which seeks to reconcile the protection of personal data with the free flow of such data within the internal market and to countries outside the EU. It has been transposed into Irish law in the Data Protection (Amendment) Act 2003 which supplements the Data Protection Act 1988.

This legislation requires all those handling personal data to take appropriate security measures against unauthorised access to, or unauthorised alteration or disclosure of, the data, in particular where processing operations involve the transmission of such data over a network. In determining what is appropriate in any particular case, account must be taken of the risk of harm that might result from security breaches and the state of technological development and costs of implementation. These security measures also apply where data are transferred to a destination outside the European Union.

The 1995 Data Protection Directive has been supplemented by other more specific legislative measures, such as the e-Privacy Directive which applies to providers of publicly available electronic communications services, namely telecom providers and ISPs. This Directive requires such companies to take appropriate measures to safeguard security of their services and to protect the confidentiality of communications and related traffic data.

In January 2012, the European Commission tabled proposals for a reform of the current data protection framework and these proposals are currently being discussed separately in the Council of the European Union and in the European Parliament. These proposals, if implemented in their current form, would provide substantial extra protection for the privacy of citizens across Europe.

It is generally recognised that the 1995 Directive’s standards need to be updated to take account of more recent developments such as increased usage of mobile phones, cloud computing, social networking and increasing globalisation of data transfers. Key features of the existing legislation, including the need for appropriate security measures, remain part of the reform agenda. The proposed Regulation’s enhanced data protection standards will, when agreed, apply directly in all Member States without the need for transposing national legislation.

As the Senator may be aware, achieving progress on the reform proposals was a priority of the Irish Presidency and I am pleased to say that substantial progress was achieved on key aspects of the reform package. The reform proposals remain a priority for the current Lithuanian Presidency. Indeed, a detailed debate on an important aspect of the reform proposal took place at a meeting of the Justice and Home Affairs Council in Luxembourg yesterday at which the Minister attended and participated in. However, it is not possible at this stage to predict when agreement between the Council and the European Parliament can be reached.

Thank you.