Speech by Minister of State Dara Murphy T.D. with Responsibility for European Affairs and Data Protection at the Data Protection Practical Compliance Conference: ‘Data Protection at the Governmental Level – the Past Year’ 19 November, 2015


Check Against Delivery

Good morning ladies and gentlemen. Is mór an onóir dom fáilte a chur roimh gach duine anseo. It is an honour to welcome you all here.

Before I begin, I would like to thank Peter Carey for the invitation to speak here today. 
Just over a year ago, I spoke at your 2014 conference. I had just been appointed a few months earlier as the first Minister in the EU with responsibility for data protection and speaking at your conference was one of my first key engagements.

So I was delighted when the conference organisers asked me to come back this year and share with you today the key developments that have taken place in the area of data protection at governmental level over the past year.

The digital revolution is here, and here to stay. There is now an ever increasing presence of digital technology in almost every facet of our lives. This in turn has led to a surge in the amount of personal data being generated about us as we go about our daily lives. And with these developments, the need to protect the rights of the data subject is greater than ever. 
This digital communications revolution brings with it challenges for public policy makers, legislators and governments. 
Key amongst those challenges is devising a regime to protect the privacy of the users of the digital space that is consistent with their use and expectations, is compatible with the commercial needs of service providers and that will function efficiently in a multi-jurisdictional, global legal environment.
Nowhere are these challenges more clearly seen than in the recent striking down of the Safe Harbour decision by the Court of Justice of the European Union. The Court reaffirmed the right to data protection as a fundamental right and confirmed the need to have robust data protection protections in place to safeguard the transfer of citizens' data outside of the EU.

The implications of the judgement are wide-ranging and we still don’t have answers to all the questions that it raises.

This ruling also comes at a time when the EU is pursuing a more integrated approach to the Digital Single Market. As well as the advantages that it could bring to consumers across the EU, the Commission estimates that the Regulation will provide savings for businesses of around €2.3 billion a year.
It is crucial that we avoid a fragmented response to the ruling by individual Data Protection Authorities across the EU. To prevent this, the Article 29 Working Party has been working with the Commission to try and ensure a unified response to the judgement, and provide a period of stability. The Commission’s guidance for business is also a welcome development and should provide business with some clarity during this transition period.

Commissioner Jourova returned yesterday from a trip to Washington, the latest stage in a long series of negotiations that have been taking place with the US since 2013.

I have been urging both sides to reach a swift and successful outcome to these negotiations, and I welcome the Commission’s aim to conclude these negotiations within the next three months.

Of course, this is not the only matter which is currently in negotiation at European level. I am delighted to say that significant progress has been made in the last 12 months in reforming the EU’s rules on data protection.

Let me mention first the EU Data Protection Regulation, which I know Rob Corbet will be discussing in greater detail with you later.

EU Data Protection Regulation
Ireland has, from the outset, been a strong advocate for the new Data Protection Regulation.

The current EU legislation is 20 years old and does not meet the needs of the digital age in which we live. The new Regulation will establish rules adapted to the 21st Century, and importantly introduce a single set of rules across the EU. This will eliminate the current fragmentation and so make it easier to do business across the EU.
The Regulation will enhance the level of personal data protection for individuals and increase business opportunities in the Digital Single Market. 
The One-Stop-Shop mechanism will simplify the lives of both citizens and business by ensuring that you will only have to deal with one data regulator for breaches occurring anywhere in the 28 Member States.

We have strongly advocated for a workable Regulation, which avoids delays and cumbersome bureaucracy. The Global Innovation Index 2015 ranks Ireland as the 8th most innovative countries in the world. And we must ensure that the Regulation only enhances this status.

We want to ensure that, under the new Regulation, data is afforded the maximum possible protection without stifling technological development and enterprise, thereby creating the environment to allow jobs and growth to flourish.
Since my appointment as Minister, I have led Ireland’s negotiations on the Regulation, and I was delighted that after three years, we reached a general approach at the Justice and Home Affairs Council last June. As you will no doubt be aware, the Regulation is now in trilogue and I welcome the ambitious target of the Luxembourg Presidency to reach an overall agreement by the end of the year.

EU Data Protection Directive
This isn’t the only piece of legislation that the Presidency aims to conclude by the end of the year. They also hope to finalise work on the Data Protection Directive.

This Directive will ensure a high level of protection of personal data and facilitate the effective exchange of personal data between law enforcement authorities within the EU for the purposes of combating crime. The tragic and horrific events in Paris last Friday demonstrate the importance of co-operation between law enforcement authorities across the EU.

At times such as this, we are reminded that the right to data privacy and data protection is not absolute. The right to safety and security, indeed the right to life, are key in any democratic

society, and part of our challenge is to ensure an appropriate balance of rights.

EU-US Data Protection Umbrella agreement
And while talks on Safe Harbour continue, I was glad to see that negotiations on the EU-US Data Protection Umbrella Agreement were finalised last September. Once signed, the Agreement will ensure higher levels of data protection for all personal data exchanged between EU and US law enforcement authorities.

The Umbrella Agreement will only be signed once the US Judicial Redress Act is passed. This Act will grant judicial redress rights to EU citizens and I welcome the progress which the Act is making through Congress.

National Developments
While much has been happening at international and EU levels, we have been equally busy progressing the data protection agenda at national level,.

ODPC resources
Having a strong independent regulator in place is key to providing a robust approach to data protection. Much progress has been made over the last two budgets in strengthening resources for the Office of the Data Protection Commissioner.

I was delighted to have been able to secure significant increases in resources for the Office, which has seen a 150% increase in funding from 2014 to 2016. The Commissioner’s annual budget for next year will be over €4.7million.

This will allow the recruitment of additional staff which, by the end of 2016, will see an effective doubling of staff over the course of the two years.

Additionally, we are in the process of establishing a Dublin Office for the ODPC, which will complement the existing base in Portarlington. And in the meantime, a temporary office has been provided here in Dublin.

Government Data Forum
There can be no doubt that Data Protection is a complex area. I do not believe that any one discipline or sector can provide the all of the answers to the questions that face us today in relation to data and data privacy. 
Since I was appointed as Minister, I am delighted to have had many opportunities to engage with a wide range of stakeholders, each of whom brings their own perspective to these issues.

Before the Summer, we established the Government Data Forum. I chair this Forum which brings together experts from a range of different areas; industry, civil society, sociologists, psychologists, legal experts and the public sector.
We have held two meetings of the Forum and it has initially decided to focus on the societal implications that arise from the increasing digitisation of modern life.

I have been struck by the enthusiasm that the Forum members bring to their role and hope that it can make a contribution to the development of thinking in this area.

Inter-Departmental Committee on Data-Related Issues
Data Protection has been quickly moving up the Government’s agenda. We need to ensure that the public sector becomes a centre of excellence when it comes to data protection.

A key element to achieving this has been the establishment of the Inter-Departmental Committee on data-related issues.

This Committee brings together the key individuals with responsibility for data protection in each Government Department. There has been excellent engagement by those on the Committee and it is becoming the platform for the development and sharing of good practice. The Committee has met on three occasions over the past year and is helping to facilitate a whole of Government perspective on data protection issues.

Awareness-raising events
However, the Committee is only one of the measures undertaken to raise awareness across the public sector.

We have hosted two major data protection awareness-raising events during the past year. The first was targeted at the semi-state and state boards sector, and the second, held last week, was aimed at the Local Government sector. There was a great turnout at both, which demonstrates to me the seriousness with which data protection is being taken. Helen Dixon and her team worked with us at these events, and I was assured by the level of enthusiasm and engagement shown at each event.

To support all of these initiatives, a Data Protection Unit has been established in the Department of the Taoiseach.

Launch of Ireland’s cyber security strategy
To complement the work that we have been doing in the data protection area, last July the Government published the National Cyber Security Strategy 2015-2017.

The Strategy sets out our approach to facilitating the resilient, safe and secure operation of our ICT networks, systems and infrastructure.

It identifies work which will foster a culture of understanding and most importantly, will increase awareness of the importance of cyber security issues for both citizens and businesses.

We can all agreed that effective cyber security is necessary for open, safe and confident access to the internet, and the successful implementation of the Strategy is vital to maintaining this.

2015 has seen substantial progress made on the data protection agenda at Governmental level.

Looking ahead, I can only see 2016 being an even busier year for those of us in the area.

Thank you again for the invitation here today. Conferences such as this are vital to sharing knowledge, good practice and building links.

I hope that you enjoy the rest of the conference – Rob and his colleagues have certainly put together a challenging and interesting programme.

Go raibh míle maith agaibh.