A proposed law change aims to ensure effective investigations by the Data Protection Commission (DPC) of data privacy complaints and will not prevent complainants speaking out about their concerns, the Department of Justice has said.
The department was reacting on Monday to claims by the Irish Council for Civil Liberties (ICCL) that an amendment to a Bill due for final debate this week is a “last-minute” effort to “muzzle” critics of the commission’s handling of complaints.
The amendment provides that the DPC may direct that information deemed by it to be confidential should not be disclosed. Failure to comply with a direction will be an offence liable on summary conviction to a €5,000 fine.
Dr Johnny Ryan of the ICCL said on Sunday the amendment “will gag people from speaking about how the DPC handles their complaint, and from speaking about how big tech firms or public bodies are misusing their data”.
Your top stories on Tuesday
The Listeners review: Creepy and absorbing thriller is a showcase for Irish actor Ollie West
Laura Kennedy: After Trump’s win, we all seemed to drift with the sense the world looked very different from the day before
Opinion: Students deserve a reformed Leaving Cert that prepares them for the modern world
The ICCL believes there is no explanation concerning what, or why, information may be deemed confidential, he said. “Even information that is not ‘commercially sensitive’ will no longer be utterable.”
The amendment would mean journalists would be unable to properly report on Ireland’s General Data Protection Regulation (GDPR) supervision of big tech firms with European headquarters in the State, including Google, Meta and TikTok, Dr Ryan said.
A spokeswoman for the Department of Justice said on Monday that there appeared to be “a misinterpretation” of the scope and purpose of the amendment.
The intention to bring forward an amendment to the confidentiality provisions of the Data Protection Act 2018 – being effected by amendment of the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 – was highlighted to the Dáil in October and November last and does not impact on media reporting on the GDPR or on the DPC’s obligations under the GDPR, she said.
Nothing in the amendment would prevent a complainant speaking out about the nature of their data privacy complaint or that a complaint had been made to the DPC, she added.
The amendment applies only to persons engaged with the DPC in the context of the performance of statutory functions, referred to as “relevant functions” in the Data Protection Act 2018, including inquiries and investigations, defined in section 26A (5), she said.
The aim was “to ensure investigation of breaches of GDPR can be investigated effectively and fairly so that robust sanctions can be applied and the privacy of EU citizens protected”.
Breaches of confidentiality during an investigation could undermine the ability to effectively regulate data processors and allow breaches to go unsanctioned, she said.
While the amendment permits the DPC to direct that information was not to be disclosed, the commission must identify the specific information and the specific reasons by reference to the definition of confidential information, she said.
