Dáil Éireann debate -
Wednesday, 29 Jun 1988

I move amendment No. 15:

In page 6, between lines 41 and 42, to insert the following subsection:

"(4) For the purposes of this Act a data controller may mean a person, who is a partner in a partnership, who shall be deemed to be acting on behalf of all partners in such partnership as respects the data concerned.".

This amendment is tabled to cater for the difficulties which could be foreseen where a partnership would have data processing services and the particular machinery and equipment mentioned in the Bill and each partner in the partnership — as the Minister confirmed on Second Stage — would have to register as a data controller.

If we look at the definition section in section 1, a data controller means a person who, either alone or with others, controls the contents and use of personal data. Despite that, it appears that partnerships are not regarded as being one body and each partner under the Bill is required to register as a data controller. That is somewhat unrealistic and cumbersome and one of the objectives of the Bill is that is should be within the range of realism and that it should not impose an unrealistic burden on business and commercial concerns generally. It would be cumbersome and difficult to operate if each partner in an accountancy or solicitor firm had to register as a data controller for the purposes of the Bill. It would be more realistic to designate one partner as the person who will act on behalf of all the partners as a data controller.

The definition seems to indicate that such a situation is envisaged in the Bill. I ask the Minister to have regard to that definition and specifically to accept the principle behind my amendment. It is not attempting to get away with non-registration or to evade the responsibilities which this Bill places on those in commerce, but it would be more realistic. There would be large registration cost and bureaucratic procedures which are unnecessary. For many other purposes, a partnership is treated as one unit. It would be realistic in this instance to also treat it as one unit.

I appreciate that the position of partners under the Bill requires particular attention because of the nature of the partnership. Under the definition of data controller in subsection (1), any person who controls personal data either alone or with other partners will be a data controller. That will be a matter of fact in each case and should not give rise to any special difficulties. So far as partners who may have to register are concerned, there is provision under section 20 for regulations to prescribe such matters and procedure as the particulars to be included in entries in the register, and also any other matters that may be necessary or expendient for the purposes of enabling the registration provisions to have full effect. This will give an appreciable degree of flexibility which will deal with any difficulty in relation to the registration of partnerships. I would envisage that a partnership would in effect be registered as such in the sense that partners who had control over the personal data concerned would be registered as data controllers. In virtually all cases that would have to include all the partners. That procedure will meet the concerns expressed by the Deputy.

Perhaps I misheard the Minister but he seems to be saying that on the one hand regulations can be introduced under section 20 which will mean that it will not be a cumbersome procedure but, on the other hand, I thought the Minister said that every partner will have to be registered as a data controller. The aim of my amendment is to obviate the necessity for that.

As far as partners who may have to register are concerned there is provision in section 20 for regulations to prescribe such matters of procedure as the particulars to be included in entries in the register and also any other matters that may be necessary or expedient for the purposes of enabling the registration provisions to have full effect. That would give a degree of flexibility which is sufficient. I am quite happy that that will deal with any difficulty in relation to the registration of partnerships. I would envisage that a partnership would in effect be registered as such in the sense that partners who had control over the personal data concerned would be registered as data controllers and in virtually all cases, that would have to include all the partners. I am sure that will meet the concern expressed by Deputy Colley.

With respect, Minister, it does not, because the point I am trying to make is that if for instance one were talking about a Government Department one person would be designed as the data controller. I presume that private companies would also have one person designed as a data controller so that everybody who deals with the data would not be registered as a data controller. It is unnecessary to have every member of a partnership designated as a data controller for the purposes of this Bill. For the purposes of this Bill one person could be designated and perhaps the wording should be added that that person would be indemnified by the other partners if any action was taken under section 7 or under the law of Tort.

Amendment No. 16 in the name of Deputy Shatter. Amendments Nos. 17 and 18 are alternative amendments and amendment No. 111 is consequential. Therefore, I propose that we take for discussion together amendments Nos. 16, 17, 18 and 111. Agreed.

I move amendment No. 16:

In page 6, subsection (4), to delete lines 43 to 45, and substitute the following:

"(a) personal data that in the opinion of the Minister or the Minister for Defence is kept for the purpose of safeguarding the security of the State save where such opinion is set aside upon review by the Circuit Court or by the Supreme Court on Appeal,".

I referred to this matter during the Second Stage debate. While I accept that the Minister and the Minister for Defence may on occasion for the purposes of security have to keep information to themselves relating to individuals living in the State, there is a question of opinion as to what is information that has a security content. The Bill as drafted does not provide for any court of appeal. There should be some method by which people can appeal against information held under the heading "security". Amendment No. 16 seeks to replace section 1 (4) with the following wording:

"(a) personal data in the opinion of the Minister or the Minister for Defence is kept for the purpose of safeguarding the security of the State save where such opinion is set aside upon review by the Circuit Court or by the Supreme Court on Appeal,".

What is intended here is that the court would not disclose the information to either the individual or his legal representatives but that a judge would act as an arbitrator in a review procedure. We would not envisage that any information would be disclosed to anybody. A Circuit Court Judge will decide whether he regards information as being of a high security nature and he could dismiss any appeal without disclosing the information to the individual. There could be a further appeal to the Supreme Court which would again fulfil a similar role. Will the Minister look at these reasonable amendments given the type of information that could be held concerning an individual and the difficulty that that individual would have in trying to secure from the State the information held by the State about him or her? The procedure we have set out here — using the Circuit Court initially and the Supreme Court on appeal — would be a satisfactory way of dealing with this particular aspect.

These amendments propose that decisions as to whether personal data kept for the purpose of safeguarding the security of the State should be subject to review by a judge of the Circuit Court with an appeal to the Supreme Court. I do not agree because the exclusion of security data from the Bill is authorised by Article 9 of the convention — I think we all agree on that. In no circumstances do we want any access to these data except by those people who have the responsibility of safeguarding our national security. This kind of intelligence information must, of its nature, be confined to those whose job it is to safeguard State security and even there to the smallest possible group of people. That is because of the highly sensitive character of the information which if it were to be disclosed could possibly result in deaths or injuries.

It goes further than that. We do not want people to know whether information of this kind is kept about them because in many cases mere knowledge of the existence of such information could be detrimental to State security and could put people at risk. That is why we have selected those Ministers who have been given responsibility for this area under the law and who are answerable to the House to have the final decision in the event of any dispute arising.

In the United Kingdom a certificate of a Minister that an exemption is required for the purpose of safeguarding national security is made conclusive evidence of that fact. That is an example of the importance attached elsewhere to the considerations I have mentioned. In the Bill we make the exclusion dependent on the opinion of either Minister and a certificate to that effect is made evidence of that opinion in any proceedings. It will not, however, be conclusive evidence. The provision in the Bill is in line with those in foreign legislation which we have examined. It is in accord with the convention and I believe it is essential to keep it in its present form.

I want to reiterate that I have no objections to information being held by the State which has a high security content. Naturally, the State would not be anxious to disclose the content of that information. In the way that subsection is worded it is a matter of opinion as to what is information of a security nature. All of us in this House will recall that in the not too distant past we complained bitterly when the contents of a report were not disclosed because it was felt it was for security reasons. There was the question of opinion here as to whether it was for security reasons.

I am not suggesting that this Minister for Justice or this Minister for Defence would abuse the power given to them under this section but in the future there may be a dispute as to whether information held about any individual is or is not of a security nature. Therefore, rather than have a system whereby this information can be disclosed in public to anybody, I think it would be reasonable that a judge — after all, he is appointed by the Government to the Circuit Court — would examine the information and form an opinion as to whether he felt this was information of a security nature and, therefore, he could dismiss such an appeal or allow it to go to the Supreme Court. None of this information would be disclosed to anybody but it is a safeguard that should be included in this Bill.

If the Minister wishes to redraft what I have suggested in some other way and come back later this evening before we complete Report Stage I would be very pleased. I do not want to allow a situation where information of a security nature would have to be disclosed to anybody. If it can be worded in a different way to cater for the fears I have expressed I would be only too pleased to co-operate. People can form an opinion that in another person's opinion would not be information of a security nature. If we are asking other people to disclose information about an individual, I do not think anybody should be immune from the law unless it is information of a high security nature. The only way that can be done is to give it to a judge or a particular court: if you want to cut out the Circuit Court and go directly to the Supreme Court I have no objections to that but there should be some court of appeal for somebody who feels very strongly about information that is being held about him and has reason to believe that that information should not be in the hands of the State or anybody else.

I support the thrust of amendment No. 16. Despite the good standing of the Minister and the Minister for Defence, there is the possibility in the future of a situation occurring where if an individual applies for information about data which is held on him he may be told that it relates to security and cannot be divulged. It may, in fact, not relate to security at all but there is no way in which that individual can check that out. It does not mean he has to find out what the information is but there should be some scrutiny over it. This is a very wide power which we are giving here and it could negate the whole purpose of the Bill regarding Government bodies and Departments. Whether it should be the Circuit Court or another court or a judge sitting in chambers that would not endanger the security of the State. If a judge of high standing sitting in chambers were to hear certain evidence, without divulging any of it to the individual concerned or any other group of individuals, I think there would be a better safeguard.

Democracy should always have checks and balances. In this instance, in this part of the Bill, there are no checks and balances and it worries me. It is no reflection on the Ministers but we do not know what will happen in the future and this Bill, when enacted, will be on the stocks for many years presumably, perhaps amended from time to time but the basic attitude in these sections will be continued. I ask the Minister to give serious consideration to putting in some type of safeguard. Merely the opinion of one or other Minister is very open and, to a large extent, is anti-democratic in the way it could be operated.

I can understand very readily the sentiments of Deputy Barrett and Deputy Colley and if I were sitting on that side of the House I could very easily make the same argument. This argument has been made on a number of occasions. It was made recently when the debate was going on in relation to the Garda Complaints Bill. It was then suggested that the chairman of the Garda Complaints Board, rather than the Minister for Justice, should have the final say as to whether information prejudicial to State security should be omitted from the report of an officer investigating the complaint. That is more or less the same as what we are talking about now. It is a somewhat analogous point. My immediate predecessor, Deputy Dukes, said that the provisions in that Bill were being criticised on the basis that it was wrong that the definition of security of the State should be reserved to the apparatus designed to protect security. In the course of the debate on that issue speaking in the Seanad on 9 July 1986, Official Report, Vol. 113, column 2175 he said:

I do not see anything wrong with acknowledging and providing for the exercise of the responsibility that we vest in certain people involved in the administration of our judicial... system and who are involved ex offico in protecting the security of the State. It would be totally wrong to provide that the Minister for Justice should have no role in that because it is part of his responsibility given to him and confirmed by the seal of office the President hands to him.

In relation to a proposal that the ultimate decision on the matter should lie with the complaints board he went on to say, and I quote from column 2177:

I do not think that is a proper way to deal with a matter which could affect the security of the State or put another person's life at risk. It would give the board a right to insist on disclosure of information which, on grounds of public policy, even the courts cannot require to be disclosed. There is ample documentation in regard to that point.

These are exactly my sentiments. From a practical point of view Members would agree that if a matter such as this of a high security content and which would have very serious consequences on disclosure goes to a court you are certainly widening the number of persons that will be aware of what is there and it is very likely it will get out. None of us want the consequences that could result from that which would be to make it easier to happen than it is. God knows, we have enough trouble at times in keeping security information limited to the number who are meant to deal with it. I think Deputies will agree with me on that.

With respect to the Minister, what is being discussed here is somewhat analagous to the Garda Complaints Board. The Minister refers to the fact that high security matters should not be disclosed. He refers to reports from the Garda Complaints Board and says that certain things should not be included. Here we are not talking about whether high security matters are involved. We are talking about ordinary matters being dressed up as high security matters for the purpose of excluding them from the person's accessibility.

Neither is it necessary that a whole group of people in a public court have to be involved in this. Surely it is not beyond the bounds of our imagination and ingenuity to come up with some system of scrutiny of what is said to be in the Bill, simply an opinion of the Minister for Justice or the Minister for Defence. It seems to be a very wide power with no stops on it at all save the fact that the seal of office of the Minister has been given to him by the President under certain rules and conditions; in other words he is expected to do his job properly. If by any chance there is a bad apple in the barrel and he does not do his job properly, where are we? The provision could be very easily used by unscrupulous people who would not wish to divulge certain information perhaps because it might damage a Department's reputation. Any number of things can occur where the public servants do not wish information to be revealed. It is possible that it could be hidden under this subsection. It is dangerous. I think the Minister is overstating the difficulties. He should perhaps give some thought to using a judge in chambers to decide on the gravity of the situation and whether the opinion formed by the Minister for Justice or the Minister for Defence is reasonably formed and on a reasonable basis.

We are talking here about personal data as distinct from the movements of an individual, whom he or she meets and so on. I have come across occasions where Garda reports contain information about individuals that has subsequently turned out to be inaccurate. That information can be very detrimental to an individual.

If this Bill is enacted the Minister of the day is not going to deal personally with every single application. The Minister for Justice anyway, no matter who he is, has so much on his plate that he will not be dealing with all this himself. An official of the Department will be dealing with it, so other people will know; it is not just in the Minister's head.

Amendment No. 111 provides that a Circuit Court judge may seek the relevant information, but it is the judge alone. This is not being heard in public and there will not be barristers on the side of the defendant and a whole open court session about this application. This will be a Circuit Court judge who may look at the information or he may not. If he does he and he alone will see it and he will either refuse or grant what is sought. Then there is a right of appeal to the Supreme Court and again only the Supreme Court will look at this information. I am quite certain that only rarely will this happen but it is a sign that within our legislation we have an open society.

Once you become a Minister you cannot automatically say to everybody: "You can hump off; I am not giving you information because in my opinion it is of a very high security nature. You can do what you like but I am protected by the law". We could have that sort of system but it would not do much for democracy. It is better to be seen to be open and prepared to be examined if necessary in exceptional cases. We are talking only about personal data and if it happened that information was held about any one of us that was inaccurate we would all be very anxious to get rid of it from the file whether it be in a computer or a manual file, because the consequences to individuals and their families can be enormous. If the State is going to retain so much power in this legislation, it is only reasonable that in exceptional circumstances in the first instance a Circuirt Court judge, in chambers if you wish, can ask to see this information that is so important and confirm or reject the opinion of the Minister. If you are still not happy you can go to the Supreme Court. If you want to rule out a Circuit Court judge I will have no hang ups about that. If you have to go to the Supreme Court, fair enough, but surely nobody would suggest for one minute that the members of the Supreme Court are individuals who are going to go around the town giving out information they have got of a high security nature. They are not. They are very responsible individuals.

Something done in this Bill along the lines I am suggesting would be an indication to the public out there that nobody can say: "Hump off, I am not going to consider your application". That is a good thing in democracy.

I am not going to be dogmatic about the wording I have suggested here or insist it has to be the way it is outlined in amendment No. 16. If the Minister accepts the point, can he not between now and whenever we finish Committee Stage come back with maybe a suggestion for Report Stage? Then we could consider it. I am concerned about the principle here and I think it worth while pursuing.

The provision in the Bill is in line with all the other legislation we have examined on the European scene and is no different from what our partners in Europe have. It is exactly the same and I have no doubt but that the same type of discussion took place in the different parliaments when their data protection legislation was being enacted. The provision we have is in accord with the Convention.

I appreciate very much that the Deputies want to prevent non-security data being certified as security data. I can understand that as well, but the amendment would give a right of review of all data certified by the Minister to be security data, even if it is security data as presumbaly it would be. I am very satisfied that no Minister who has to sign the certificates, irrespective of how busy he might be — the Minister has to sign the certificates — is going to express formally an opinion on such a matter without being satisfied that he could justify that opinion if necessary in court, because the possibility can never be excluded that the information in question would be irregularly disclosed later. That is always there, even with the highest security matters, and God knows from our experience over the years we should know well it is there. It can be taken for granted that no Minister will give a certificate for this purpose without making sure it is in order because if it is not he cannot be sure the matter will not become public knowledge. If that were to develop, we all know the situation that would develop in this House at that time, and rightly so.

As I said, and I think everybody agrees with me, security information must be confined to the smallest number of people possible. That is absolutely essential. The amendments propose that decisions as to whether personal data are kept for the purpose of safeguarding the security of the State should be subject to review by a judge of the Circuit Court, with an appeal to the Supreme Court. That would be opening up the whole matter and the security risks and the cost would be far greater than they are now. In no circumstances would this House want access to these data except by the people who have the responsibility of safeguarding our national security.

We are talking about personal data and I presume the name of an informer would be described as personal data. If that sort of information came out, the consequences could be very grave. We are in line with every other European country, we are doing as they do and we are doing what the Convention allows us to do.

Amendment No. 17 in my name reads:

In page 6, subsection (4), lines 43 to 45, to delete paragraph (a).

I have listened to the debate and I am prepared to go along with amendment No. 16 in the name of Deputy Shatter. This is a most important area because it deals with the security of the State. As Deputy Barrett said, we are talking about personal data. I do not know what the Minister means by "personal data" but what comes to mind are photographs, age, place of birth, height, weight, marital status, family information and other personal statistics.

Everything is open to error, even court decisions. People have been wrongly convicted. People have been wrongly hanged. Here we are talking about a clerk in a ministry putting data into a computer and the Minister is saying there must be no appeal against that. There is such a thing as mistaken identity. You could have personal data on a very prominent member of the Provisionals but you might have the wrong photograph. That happens in newspapers. The wrong information might be fed into the computer and a person might be innocent of being involved in a certain organisation. It is very serious if such an individual cannot appeal.

It was suggested that the danger was that non-security data might be regarded as security data. That can happen in the Civil Service and in the Department of Defence, but there is more than that at stake. If an innocent person is named as a security risk that person can be considered to be a grave danger to the State.

As I said, in view of the Minister's remarks I am inclined to go along with Deputy Shatter's amendment as being best. Under Deputy Shatter's amendment the Minister would still make his decision, and it could only be overthrown by a court. In other words, a person would have to have very sound reasons for going to court, and would also have to have evidence showing there was something wrong with the data in the computer before going to court. That is a reasonable precaution because in normal circumstances a person would not dash into court just to annoy the Minister. This will be a costly procedure and a person must have good reason for taking that action.

The Minister should accept this amendment, or he might think of a suitable amendment to ensure that innocent people are not wrongly identified. Let me put it this way. There are data on a computer about a particular individual the Minister regards as a threat to the security of the State. That does not put that person in immediate danger, but under certain circumstances that person would be rounded up when specific decisions are made. It is more important that that information be accurate than the information on all the other individuals who are not regarded as a danger to the State, because very little is likely to happen to them, but the person in the first category is at very serious risk. If there is something wrong, if somebody is wrongly named, photographed or something like that, and if a person is wrongly included in those data, he must have a right of appeal to get out of that grave danger. That is the important point here.

The minimum the Minister should do is to accept Deputy Shatter's amendment which gives some right of appeal. The Minister is saying that once a person is marked as a danger to the security of the State he has no appeal against whatever data are on that computer. When the crisis comes — say internment is introduced — that person is under observation because he is considered to be a danger to the State, with no appeal and no rights. However, there could be a number of other consequences from this as well.

In the case of mistaken identity and wrong data inserted, innocent people could be involved. The Minister is concerned about the court because he believes more people would have access to the data. There might be some procedure at court in camera but a judge should be able to make a decision to have the minimum number of people involved, or the minimum amount of information made available. There must be some procedure and maybe Deputy Barrett could tell me.

Then there would not be any danger of widespread dissemination of information, which seems to be the Minister's main argument against accepting this amendment. I appeal to him to look at this again and if he does not accept that amendment perhaps he would suggest some other type of appeal he would think appropriate.

I appeal to the Minister to wear his parliamentarian hat as opposed to this Minister for Justice hat. There is undoubtedly a strong element of protection of State security in the Department of Justice, as there should be, but it seems to be an over-riding consideration where they are concerned. The Minister of the day, because he is also a parliamentarian, must balance up what he is being informed of by his Department and the nature of democracy. It is all very well to say that the same conditions and provisions apply throughout Europe in other legislation but we have here a particular type of democracy and Government system which we do not find in many of the other European states. We, unlike Britain, have a written Constitution which protects the rights of the individual. There is a place in legislation such as this for some checks and balances, which are not provided for in the subsection. The Minister has already said that if he were on this side of the House he would be making these very points.

Some person on behalf of the Fianna Fáil Party probably made those points in regard to the Garda Complaints Bill and that is why the Minister of the day replied in those terms. There is a duty on the Minister for Justice to balance the real and perceived needs of security with democracy and rights of the individual, which must be safeguarded.

I am still very concerned that non-security matters will be dealt with as security matters under this heading, while also being concerned about mistakes or omissions in the data. There is no way an individual can establish that a security risk is not involved if he wishes to erase or correct information. It is a very basic right enshrined in the Constitution that the individual has a right to vindicate himself. This legislation does not maintain that right.

We certainly have a dilemma here. I recognise that we must strike a balance. There is no disagreement so far as high security information is concerned. There must be absolute secrecy in regard to such information. The balance to be struck is a balance between injustice to an individual on the one hand and loss of life on the other hand. It boils down to that. This amendment would allow any subversive, who would be certain that his data were on the security computer, to have his claim that the data were non-security examined in the Circuit Court by one judge or by five judges in the Supreme Court. I do not think any of us would want that. High security information is valuable only when it is tightly held and available only to those who need to know. I do not think any of us would want to widen that in any way.

With regard to non-security information, this information has to be produced by the Garda, unless it prejudices the prevention of crime. With regard to the fear that non-security data might be certified as security data, I am more than satisfied that no Minister will formally express an opinion in such a matter without being satisfied that he could justify that opinion, if necessary in court. The possibility can never be excluded that the information on which he based his opinion might be secret information. Our experiences in the past have made that clear to us. I am satisfied that no Minister of any Government would give a certificate for this purpose without making sure that it was in order. It would be known, even to a small number, that the Minister was wrong in doing what he did. The ministry is a difficult and busy one and the Minister would not last ten minutes in the job if he gave a wrong opinion. The information would be used against him in some way. That information would not and could not be kept secret.

With regard to our obligations under this convention, we are not doing anything in any way different from our colleagues in Europe — no more and no less. I can readily understand the point of view that a balance has to be struck as against injustice to an individual on the one hand and loss of life on the other hand. That is what other administrations in the EC had to face up to as well. I can see why the amendments are put forward and I accept the intentions behind them, but the consequences would make it impossible for the people charged with State security to operate successfully.

I have listened very carefully to the Minister. Of course there must be a balance. The Minister talks about the security of the State, the disclosure of information and so on. We are elected to represent people. Suppose the son or daughter of one of us found out that gravely inaccurate information was held about him or her which was casting grave aspersions on his or her character, preventing the obtaining of employment or departure from the country. I had the honour of being in Government for a short four years. We all know how information is gathered. It is gathered by a number of people and put on file or computer. The Minister of the day is not involved in compiling the information. It is part of the job of the security forces to maintain the information on the file.

Anybody who knows that he is a member of the Provisional IRA, and has bombed and done all the horrible things that I speak out about any time I get an opportunity, is not going to go into the Circuit Court or the Supreme Court to look for this information on the basis that it is not for high security reasons that it is not being disclosed. What I am concerned about is that, in some of the very serious circumstances that could occur as a result of information being held, there should be some appeal to somebody. If I apply for a gun licence the procedure is that I go to the local sergeant and he can issue a gun licence. The sergeant might not issue a gun licence because he thought or heard something about me, but there is an appeal to the local superintendent, and the local superintendent will go further to investigate why this licence was refused and, in the process, could discover that a mistake had been made.

There is an appeal. I am quite certain of that because I was involved in a case. In this instance the reason a licence had been refused on a couple of occasions was that information that was held about this individual was not entirely accurate. The superintendent made it his business to check it out and discovered that this was so, that somebody put something inaccurate on a file which was held against that person's character.

The reality is that if people know there is a right of appeal they will be more careful about making absolutely certain that the information is correct. Once that protection is there it causes people to be far more careful.

I do not want to delay the House because there are a number of amendments, but we are dealing with a very serious issue and we could talk about it all day. I want to make an offer to the Minister. One cannot say that the Chief Justice is somebody who cannot be trusted with security of information about an individual, that he might leak it. The Chief Justice could be nominated in the Bill as the person to whom appeals could be made. It could be the President of the High Court but let the Minister put in somebody so that it will be seen that there is a right of appeal to somewhere and that it is not just politicians getting together and saying that in their opinion it is a security matter and that information should not be disclosed.

We all know how the system works. If the Minister puts in the Chief Justice or the President of the High Court I will be happy. It could be provided that a very senior member of the Judiciary would hear the case in chambers with no representations allowed; he could ask for information, look at that information and decide that the Minister is perfectly right, that that is a security matter and that the information should not be disclosed to anybody. If the Minister does this I will not press the amendments that are down in the name of Deputy Shatter. If the Minister can say to me that before we finish this Bill this evening he will put down an amendment which will be very tight but will allow one other individual to ever know what information is being held about an individual, I will be happy.

If the Minister cannot agree to that all I can say is that the members of the security forces change; if a person in the Special Branch retires he will be replaced by somebody else and somebody else will know the information. More and more people know about individuals every day of the week. The same people do not remain in one place for ever. Ministers change, civil servants change, and police officers change so a whole lot of people will know. If I retire from politics or from the Garda Síochána or from the Civil Service, I do not go out and blabber around the place what I know about Deputy Colley or Deputy Tomás Mac Giolla. There are certain standards because one is a particular type of individual.

All I am asking the Minister to do is to put in the President of the High Court or the Chief Justice and I will be happy. I am just asking that somebody be put in so that this thing will be resolved, because we are talking about opinions, the opinion of the Minister for Justice or the Minister for Defence, and opinions can differ. I want to keep people on their toes so that if they put something down on a file they are going to be damn sure that it is accurate. I do not see why an individual should be deprived of his rights in the area of employment or access to other countries or whatever.

My final point to the Minister is this, to forget about what they did in other European countries. We are talking about Ireland. Let us forget about England, Germany or France. If they want to conduct their business one way, let them do it. I am talking about Ireland. We were elected here to represent the people of Ireland and I want to see in this legislation some court of appeal, an individual such as the Chief Justice, the President of the High Court or the President of the Circuit Court, whoever the Minister wants to choose, that he thinks will be able to maintain information of a high security nature. If the Minister does that I will scrap these amendments.

I do not want to push this thing as if our view is the only view. I accept, as the Minister says, that one has to be extremely careful when one is dealing with security matters. If I were in his shoes I would be very nervous about letting anybody else have an ear into security matters, but let the Minister not tell me that the Chief Justice or the President of the High Court cannot be trusted about what is on a file about Seán Barrett. There are individuals who are highly responsible that we trust every day of the week to do certain things and, for the few exceptional cases that we are talking about, it would be worth while having this in. More important still, it would keep people on their toes so that when they are gathering information and storing it in a computer it will be accurate if it involves serious issues relating to a person's character. That is what I am concerned about.

I acknowledge that Deputy Barrett is doing his best to meet the situation as he sees it. I appreciate that he has nothing but proper motives in doing so, but there is a very great difficulty here which prevents me from accepting the proposal as the Deputy has now framed it, that is, that the mere disclosure that there are any data on a person, on a subversive in particular, on computer can, in itself, have very serious consequences which could result in the loss of life. That is the reality.

I do not differ from Deputy Barrett in his view that the Chief Justice or the President of the High Court would be suitable persons to be named here. There is no question in anybody's mind about their credibility so far as the security of the State is concerned, but if the mechanism suggested is provided, I am as definite as I can be about anything that the mere disclosure of that information being on a computer could in itself be sufficient to cause loss of life to somebody who is probably helping the security forces.

One of the most important things in dealing successfully in the security field is to confine information to the smallest possible pool. If there is any disclosure in any shape or form it will result in one or possibly two things. First, the source of that information may dry up and, secondly, somebody's life could be lost as a result of the admission that that information exists. It is an area where those involved have to be extremely careful and cautious. There is no problem if the information we are talking about is non-security information. The Garda Síochána must disclose that information unless the disclosure would prejudice the prevention of crime or the arrest of offenders. That is not left to the opinion of the Garda Síochána. On receiving a complaint the Garda Commissioner can examine the data to decide whether the Garda Síochána are justified in not disclosing that information. If the decision of the Garda Commissioner goes against the individual the individual can go to the Circuit Court to have it reviewed. Moreover, in due course a code of practice for the Garda Síochána will be put in place which will fill in the details on this matter, which we hope will be given the force of law by a later amendment.

While I would like to oblige Members of the House and be helpful to them, I am not in a position having regard to what is involved to go beyond what is contained in the Bill no matter how much I would like to do so. I appreciate what the Deputy seeks to achieve. The Deputy is trying to prevent non-security information being dressed up, if I may borrow Deputy Colley's phrase, as security information and being used as an excuse for denying a person his rights under this Bill. I have made it as clear as I possibly can, that no Minister, in having properly formed an opinion, would dare do that. He would not be able to stand here very long if he did for the reasons I have already spelled out.

In trying to provide for the position which both Deputy Barrett and Deputy Colley are genuinely concerned about, I am more than satisfied that persons involved in subversive activities against the State would and could look for information and would eventually bring the matter to the Supreme Court. If we were having a general discussion on security I think the House would agree that one of the difficulties which we have faced in dealing effectively with those engaged in subversive activities during the years is the way in which those engaged in these activities have been able to use the legislation to their best advantage. I do not accept that a member of the Provisional IRA or any fellow-traveller organisation engaged in subversive activity would not take it upon themselves to appeal to a court. I have no doubt about that and, as I have said, we in this country find ourselves in a more difficult position with regard to the security of our State than any of our European partners. We face far greater problems in trying to ensure that democracy survives. If we accept these amendments we will go over the top as it were, way beyond what any of our European partners have done in their legislation, in an effort to protect the interests of the State. I appreciate that that is not the intention.

I have already said I do not doubt the bona fides of Deputy Barrett or anybody else but I have no doubt that if we were to accept these amendments they would grant the right to a review of all data certified by the Minister to be security data. Bearing in mind the dilemma which we find ourselves in and the very delicate balance we have to strive for, on the one hand there is the possibility of an injustice while on the other there is the possibility of a loss of life. I believe we have struck the right balance, which is the only balance to strike in this instance. I ask the House to consider it in that light and not to press me further on these amendments.

I would be delighted to co-operate if I thought the case being made by the Minister was a justifiable one but quite honestly I think the case he is making does not stand up. Section 8 which deals with the disclosure of personal data in certain cases states:

Any restriction in this Act on the disclosure of personal data do not apply if the disclosure is—

(a) in the opinion of a member of the Garda Síochána not below the rank of chief superintendent or an officer of the Permanent Defence Force who holds an army rank not below that of colonel and is designated by the Minister for Defence under this paragraph, required for the purpose of safeguarding the security of the State,

Section 26 which relates to evidence in proceedings states:

(1) In any proceedings—

(a) a certificate signed by the Minister or the Minister for Defence and stating that in his opinion personal data are, or at any time were, kept for the purpose of safeguarding the security of the State shall be evidence of that opinion,

It goes on to state that a certificate signed by a member of the Garda Síochána not below the rank of chief superintendent or an officer of the Permanent Defence Force who holds an Army rank not below that of colonel shall be evidence of that opinion. It is a chief superintendent or a colonel in the Army who would actually sign the certificate saying that in the Minister's opinion this is confidential information.

It is not accurate to say that if it became known that the State had information in regard to any person, particularly in dealing with subversives, it would endanger life or limb because all that anyone would have to do is make an application and get a certificate signed by a chief superintendent or a colonel in the Army to say that they are not getting the information because in the Minister's opinion the information which they have about them is confidential and there would be a security risk involved if they were to disclose it. One cannot make an argument that if people got to know that the State had information about them it would endanger other people's lives because it is very simple to get information. All that one needs to do is to apply and obtain a certificate signed by a chief superintendent or a colonel in the Army. Therefore, that argument goes out of the window.

We are now down to the issue at stake, whether the opinion formed by the Minister for Justice or the Minister for Defence is the correct one. That opinion will be formed on the basis of the information supplied to those individuals from records established by other people. I am saying that because in certain exceptional cases the withholding of information about an individual could have serious consequences for that individual's future and that of his or her family, or his or her security for that matter, it is reasonable to test whether that opinion is accurate by allowing that person the right of appeal to, say, the Chief Justice or the President of the High Court. That is not going to affect security one little bit. The only other person who will have seen the information will be the President of the High Court. There is no point in the Minister saying "I would love to accept this amendment but by doing this we would let people know we have information about them". They can find that out quite simply at present and the procedure is there for them to find it out. However, all they will find out is that it is only a certificate which has been signed by a chief superintendent or colonel who will tell them they cannot have it because, in the Minister's opinion, the information they have would affect the security of the State.

I do not want the Minister to give out information about high security matters to anybody or to force him into the position where he would have to do that. I do not want to force him into the position where he would have to widen the net of those who know about this confidential information which is of a high security nature. I do not want him to do that; I just want him to build into the Bill a mechanism whereby the public, if they believe an opinion that has been formed on information supplied to the Minister for Justice or the Minister for Defence is wrong, can go to somebody else who holds a very high position in the State and is appointed by the Government. The Minister can choose whether it is a Supreme Court Judge, a Circuit Court judge, the Chief Justice or the President of the High Court.

I will withdraw these amendments if the Minister comes forward with an amendment in the next couple of hours which settles either on the Chief Justice or the President of the High Court. I, and I am sure everybody in this House, would be perfectly happy with that. It would be good for democracy and for the workings of the Government, the Defence Forces and the Garda Síochána to know that when they put down information on a file about somebody which has serious consequences for that person they are not immune from that information being disclosed if it is inaccurate. Serious consequences can exist for individuals when such information is held about them. Nobody can tell me that that has not happened in the past. It has happened and we all know it has happened.

We have condemned other jurisdictions who have not disclosed information and used the excuse of its security nature for not disclosing it. We recently criticised our neighbouring jurisdiction because a law officer used that excuse for not disclosing information. We in this country were very quick to criticise him. What I am saying is that if in one instance an opinion is formed and someone wants to challenge it — and I suggest it would be very seldom challenged — at least one would have a right to go to the President of the High Court and say "I want you to have a look at this". The President of the High Court will look at it and he will not disclose the information to the individual or to anybody else. He is the only one who will see it and if he decides at the end of the day that the Minister is right and the information should not be disclosed because it is of a high security nature that will be the end of it and the only person who will have seen the information is that judge.

That is not going to endanger the security of the State because if a member of the Special Branch leaves and is replaced by somebody else that person will find out the information. If a civil servant from the Department of Justice leaves, goes on holiday, gets sick or retires and is replaced by somebody else or if the Minister is booted out of office or decides to give up politics and is replaced by somebody else that person will find out about the information. All I am asking is that one other person who has been appointed by the Government and who has a very high office should be able to say "I confirm the Minister's opinion and he was right in not giving that information because of its security content". I believe that is good for democracy and this is all I am arguing. I will withdraw these amendments if the Minister comes forward with another amendment.

The Minister in replying previously to my contribution mentioned that the great difficulty he has in accepting an amendment such as this is that by simply disclosing that there are data on file on an individual he could endanger somebody's life. I understand why he says that but I want to raise a query, in the most constructive fashion, because it seems that as framed at present the Bill demands that that will be very obvious. If somebody applies for the disclosure of information or data which is on file in a computer in a Government Department he will be refused on the basis that the Act does not apply to that disclosure because, in the opinion of the Minister or the Minister for Defence, it is a security matter. In other words, it must be disclosed that the Minister or the Department are relying on that provision in order not to disclose the information. In itself, that means that a disclosure is being made that there is information on file.

I do not understand why the Minister regards that as a big problem in taking on board an amendment along the lines set out by Deputy Barrett, to be decided on by the Minister and his officials between now and 7 p.m., which I have to say is looming ahead of us. If the Minister looks at the Bill he will find there is already a provision in it whereby there will be disclosure to an individual that there is information on file. Even by implication it is present in the Bill.

I think there might be a slightly different connotation with regard to section 8. I do not think the Minister will have great difficulty in introducing an amendment which safeguards the rights of an individual who has been wronged. If, as Deputy Barrett said, the matter is referred to a Chief Justice, the President of the High Court or some other individual the fact that the information is on file will be disclosed simply to the extent that it is on file. It will be disclosed to that extent anyway under the Bill as it is at present drafted. I appeal to the Minister to have regard to that fact in deciding on an amendment of this type.

With regard to Deputy Barrett's reliance on section 8 for the argument he subsequently built up as he developed his contribution, there may be a slight misunderstanding in the interpretation of section 8 in that there is a difference between the section we are dealing with and the data in section 8.

The data referred to in section 8 are not security data. They are data kept by, say, an employer with regard to attendance, time-keeping and so on and by the Garda when investigating subversive or non-subversive crime. In those circumstances an employer may be prevented, by the provisions of the Bill, from disclosing that information unless he was registered and had listed the Garda as people to whom such data should be disclosed. That is most unlikely. Therefore, to protect a data controller, the provisions of section 8 allow disclosure to the Garda in these cases. They are data that are not deemed to be of a security nature and would be made available only for the purposes of facilitating the full and proper investigation of crime whether that be ordinary or subversive crime. That is fair enough; I accept that.

To deal with the point raised by Deputy Seán Barrett, I believe that a simple right of appeal to the President of the High Court would not necessarily suffice because its outcome could determine whether there was some information available; in itself, that could be lethal in some cases. It would necessitate a most elaborate provision for which there is no precedent in any other legislation.

I fully understand that the Deputies opposite are trying to prevent non-security data being certified as security data. I would ask them to bear in mind—and I mean this — that, accepting the amendment as tabled, would give the right to review of all data certified by the Minister to be security data; it would give that right and those engaged in activities against the State would have that right. That would mean that the balance I am endeavouring to achieve in the way this legislation is framed would be weighted totally on one side.

With regard to the point raised by Deputy Colley as to whether a person makes inquiry in order to ascertain whether information about them was held on computer, I should say that no answer would be given to such an inquirer other than to say that there were no personal data held that the data controller is obliged to give the subject under the provisions of the Bill. That might not be the actual formula used but it would be a variant thereof. However, it would be open to an aggrieved inquirer to complain to the Garda Commissioner who would have full power to investigate whether the Garda were justified in refusing such information. There is not any problem with regard to non-security information —none there — but, when it comes to security information, we must keep that as tight and as close as we possibly can. Bearing in mind that ours is a country bedevilled by security problems the House should realise that I am now being asked to go far beyond what our European colleagues did in their legislation in fulfilling their obligations under the convention. I am being asked to go way beyond the provisions enshrined in their legislation. Were I to accede to such requests it would have very serious and dangerous consequences for us.

I have no wish to drag out this debate. We have exhausted almost every angle and aspect that can be exhausted. Perhaps we will have to agree to differ on it. Would the Minister agree that the reply he has just indicated an individual would receive, or something along those lines — if a person sought data that were not going to be divulged because of a security risk — implies that there are data available covered by security considerations? Would he agree that that would be the implication or interpretation taken by anybody applying for disclosure of information under the provisions of this Bill? Therefore there is no difference between those circumstances and those obtaining in which somebody would apply for such information, have their application refused and seek appeal to the President of the High Court or somebody else. There is no substantive difference between the two sets of circumstances.

I do not accept the argument Deputy Colley has advanced. I do not accept that that type of reply would in any way inform a subject or applicant that there is information about them on computer because it would not. That is the type of answer that would be given to all inquirers, so that they could not read anything into it. That type of formula had been used in other instances in the past in dealing with security matters even in this House. There has never been an admission that such and such was——

I understand that but, post the enactment of this Bill, we will be talking in a very different context because there will then be a basic right to information. If that information is not divulged implications will be drawn therefrom. There are a small number of reasons only for refusing to divulge information, one being the security of the State; two, that already data are required by law to be made available and, three, personal data of a domestic or recreational nature. If such data are to be refused because they are not by law required to be divulged somebody will take the absolute implication that that refusal is because of a security problem.

Deputy Colley put her finger on the difference. After the enactment of this Bill people will be able to write in and request personal data that may be held about them. If that involves information of a security nature, obviously it will not be disclosed, rightly so, particularly if it affects the security of the State. I would not expect any Minister or Government Department to do so. All I want is that there be a safeguard provided so that, when somebody applies for information, they will not be told that it cannot be disclosed for security purposes when that might not be the real reason. The subject may think it has nothing to do with the security of the State but will have nobody to whom he or she can appeal. I am not contending that the State should disclose any information of a highly confidential or security nature. I would not expect that to be done for one moment; I would be totally opposed to it.

All we are endeavouring to do is initiate a safeguard in case somebody abuses the provisions of section 1 (4) (a); that is all. It does not involve the divulgence of any information whatsoever. All we propose is to check on the opinion, if you like. If the Minister tells me he is not disclosing the information sought because of its security content, that it would affect the security of the State and I know there is nothing there that could suggest that, and wonder what to do about it, since there is obviously incorrect data about me, there is no way that I can get them to change that misinformation. The Minister is using this safeguard. Is there no right of appeal to some high judicial individual who can confirm the Minister's opinion and agree that I should not get the information?

Arising out of points made by Deputy Colley and Deputy Barrett, it seems that the State would not be so naively ingenuous as to say, in response, that they are not disclosing the information to that person and smile coyly and the person would then think that he or she is a security risk. What the State, I presume, would do would be to devise a formula to the effect that there is no personal data applicable to that individual.

I imagine that the State will have a formula, but that is beside the point. I do not want to intervene at any length on this. I hope we might reach section 7. I sympathise with the spirit of this amendment seeking some other view beside that of the Executive on a matter such as this. On the other hand, it raises the consideration, are we entitled to take what is an executive matter and run to the courts for a decision? We have a division of power. There are certain areas prescribed to the Executive, certain to the Judiciary and certain to the Legislature.

It seems that matters of security are peculiarly for the Executive. The Executive, per se, does not consist just of the political head of a Department. It consists of the political head and the permanent administration that serve him. I would remind the House that we can rely on the integrity of the permanent administration and the integrity of the Minister of the day, between them, to ensure that no injustice will be done to a citizen.

Again, there will be a practical difficulty in going to a third party, even a court. One would have to be attracted by the thought of going to a court and the practical difficulty would be that if you go to a court you automatically open the door to advocates' submissions and displeasures.

I do not think that is totally avoidable. It must come through somebody to reach the judge's desk, unless one is going to have a system of secret messages going from the Minister to the judge. In that event, the thing is pointless because the Minister would say what he wants to the judge. There would have to be some third party or some way of presenting the matter to the judge that inevitably involves disclosure to other persons. The intention is understandable and one would have to have sympathy with it, but speaking from experience I would have some reservations about its practicality.

First, the House recognises the background of the introduction of this legislation and the reason for it. We have very carefully studied the legislation already enacted by other states, states with which we have much in common in the European sense. If we had, as put forward by Deputies Barrett and Colley now, a formula different from what is suggested, we would stick out like a sore thumb. There is no doubt in my mind about that.

I know that but in this area, having regard to how it is applied, particularly with regard to financial services, it is law that we are enshrining where it has very important international connotations as well. It is suggested that we do something which in my view would be totally unnecessary. I know it is not the intention and accept completely that it is not, but it can only benefit those whose aims and desires it would be to damage the security of the State. I know that it is not the intention of the Deputies who would be as hardline on this as I would be, as we all would want to be. In a country like ours, where we have very serious security problems, we would be making it more difficult for us to deal with those engaged in subversive activities. Nobody could shift me on that; it is a fact. If the Minister of the day who, as Deputy Cooney very correctly pointed out, is just a political head of his Department, made an incorrect decision with regard to the formation of his opinion that a certificate should not or should be signed by him, I could readily see that Minister of the day being of the day and no more than that. I said that and I mean it.

I must rely, as my predecessors have done and my successors will have to, on the professional expertise to those engaged in this area. Information has been approved on occasions. It is an ongoing process. One of the difficulties, as Deputy Cooney will tell the House, having been Minister for Justice, is that trying to make a factual decision on information at times is like standing on shifting sands, because as the investigation develops the scene changes.

You do as often as you can and even then it is an exceptionally difficult situation. To make a decision, you like to have all the facts. There are times when you should not take shortcuts in any shape or form because if you do the consequences are normally very great. There are times when professional advice is a mentor along the way and there are times when it will be proved to be incorrect, perhaps after a length of time. On the day, one must rely on the professional expertise and advice of those who cover this area.

I agree with Deputy Cooney with regard to responsibility of the Judiciary, of Government Ministers and of this House. If the Minister of the day is given the responsibility of answering to this House on a particular issue that is his concern, as a member of Government. That is why the people gave him that position along the line.

Having regard to the importance of that information the confidentiality of it, the protection of that information, the protection of the source of that information and the possibility of further information coming along which will help to prevent serious crimes being organised or taking place, that information is given only on a one-to-one basis. That is not any secret. With regard to the protection of the source, if a belief emerges that the source may be disclosed, directly or indirectly, or that information is in existence, the source may feel that his time has come to sever all connections, if he is lucky, and to backtrack as quickly as he can. We must take that into account.

If the Minister of the day makes a wrong decision on the information before him he is not worthy to be in office. Having regard to experience in the past, he would not be there for long.

The public record will show that I have corrected decisions when it was necessary, proper and just for me to do so, irrespective of any personal embarrassment and I expect any person in this office would do the same. I do not have to have my arm twisted or pressure exerted on me to do the right thing.

It will have to be reviewed because there will be so much new material and because of the speed of advances in technology. By then, there will be a good deal of experience on how the Bill operates and that might be the best time to form a balanced judgment on these issues. I hope that will be looked on kindly by the Deputy and that he will not press his amendment because my fears are genuine. The Deputy knows that when dealing with legislation in this House where it was possible to accept amendments I willingly did so but in this case I cannot do so.

I move amendment No. 19.

In page 6, subsection (4), lines 46 and 47, to delete paragraph (b) and substitute the following:

"(b) personal data consisting of information that the person keeping the data is required by law to make available to the public, or".

Paragraph (b) of subsection (4), the subject of this amendment, excludes from the scope of the Bill any personal data that are required by law to be made available to the public — electoral lists, the register of companies and so on. There is no need for protection of privacy in those cases.

The amendment proposes two changes in the paragraph. This first is a technical one. It recognises that what is normally required by law to be made available to the public is information in readable form — not the information in its computerised form, as the present text of the paragraph provides. So the amendment makes the exclusion apply to personal data consisting of information required by law to be made available to the public.

The second change restricts the exclusion to the information when it is shown in the electoral list, companies register or other such public document. If that information is computerised by another person, then, in his or her hands, it will now be covered by the Bill in the ordinary way.

I move amendment No. 20.

In page 6, line 50, after "individual", to insert "or club or association".

This amendment deals with page 6, subsection (4) (c). It is the third category of information to which the Bill does not apply, personal data which is kept by an individual for domestic, household or recreational purposes. It has been brought to my attention that, as the Bill stands, it is possible that sporting clubs and other organisations of a purely recreational or non-business nature would be caught by the Bill and could be required to conform to many regulations and so on in relation to the kind of information they hold and which should not be included.

The last part of this paragraph should read "that personal data kept by an individual or club or association only for recreational purposes" should be included. That is restrictive enough because the intent of the paragraph is to restrict the meaning to those organisations or data that have nothing to do with business or commerce but are purely for individual or recreational needs. My amendment is in keeping with that and expresses something I read into the paragraph as being intended but not clearly said. I ask the Minister to consider it in that light.

We have given a lot of consideration to this amendment.

Personal data kept by an individual for recreational purposes is intended to cover the keeping for one's own use of computerised information on, for example, football results or other sporting statistics. Perhaps a better phrase might be "amusement purposes".

The bulk of personal data kept by a club or association would not be for such purposes but rather for the business of running the club — membership subscriptions, customer accounts and so on — which would not be very different from any other business.

A club or association would have a lot of personal data on members and I would see no justification for exempting them from the obligations imposed on every other body that keeps such data. Of course, a club would not have to register unless it comes within the categories who are required to do so by section 16. Moreover, to exclude such personal data from the Bill would require a derogation from the convention.

In the circumstances, I am not disposed to accept this amendment.

I move amendment No. 21:

In page 7, subsection (1), between lines 6 and 7, to insert the following:

"(b) the data, or, as the case may be, the information constituting the data shall have been obtained lawfully and with due observance of the constitutional rights of the data subject,".

With regard to this amendment I have been advised that the obligation already imposed by the subsection to obtain fairly data or information constituting data would amply comprehend also obtaining it lawfully and with due regard to the data subject's constitutional rights. The amendment is unnecessary. What the Deputy is thinking about is already catered for.

Is the Minister saying that the wording in section 2(1) (a) covers my amendment? What I am asking is that the data or as the case may be the information constituting the data shall have been obtained lawfully and with due observance of the constitutional rights of the data subject. It should be clear that there is an obligation to only obtain data on people by lawful means. One could put a tap on somebody's phone to get information but that would be an unlawful way of getting information. There should be an obligation to obtain information legally. The present wording does not make that quite clear.

The section says "fairly". Fairly and lawfully are two different things. I might regard it as fair to tap the Minister's phone but it is not lawful to do so. It should be made quite clear that information should have been obtained lawfully and with due observance of the constitutional rights of the data subject. I cannot see how that will cause difficulties. The Minister has used the word "fairly" but has said nothing about "lawfully."

Having consulted the explanatory memorandum the meaning of this section is expressed as being that the use or disclosure of the data in any manner incompatible with the specified and lawful purposes for which they are kept is prohibited. It does not refer to the gathering of the data. It refers specifically to the use or disclosure of those data as having to occur in a fair or lawful manner. There is some element of doubt about the meaning of that section. It would be useful to have this expressed quite clearly as being lawful in the obtaining and not just in the processing and the disclosure.

There is an obligation imposed by the subsection to obtain fairly data or information constituting data. I am told that "fairly" comprehends also obtaining it lawfully with due regard to the data subject's constitutional rights. There would be a particular difficulty in specifically requiring a person to behave lawfully. There is a presumption that people behave lawfully because if they do not they incur sanctions under the general law governing false pretences, fraud and so on. A requirement to obtain the process data fairly and lawfully is contained in article 5 of the convention, but when the Bill was being drafted the parliamentary draftsman considered that a specific reference to "lawfully" was unnecessary. The point was put to the parliamentary draftsman and he advised that a specific reference to "lawfully" was unnecessary and inappropriate. This matter was raised because it came to attention in studying article 5 of the convention. My reason for having this as it is, is the advice of the parliamentary draftsman whom I regard as the professional in this area.

The Minister's comments worry me. The word "lawfully" should remain in the section. The word "fairly" does not really mean anything. Everybody's opinion of what is fair is different. "Lawfully" is a specific defined term. I support that amendment. The Minister's remarks are worrying to say the least. I cannot follow the logic of the point that it should be omitted as a purely technical matter. If it is in the convention it should be retained in the Bill. I support the amendment.

It might help the Minister if I drew his attention to the fact that section 2 (1) (c) (i) indicates that the data shall be kept only for one or more specified and lawful purposes. In that case the parliamentary draftsman decided that the word "lawfully" was necessary. The parliamentary draftsman could have said "shall be kept only for one or more specified purposes" and assumed that everybody would behave lawfully. It is relevant to have it here as it is to have it there. As Deputy Mac Giolla has said, "fairly" is a very subjective term and "lawfully" is a very objective term which can be defined. In legislative terms it is a better term.

I do not know. The data commissioner is the person who will decide on what is fair and on what is lawful. I am told that in continental drafting — and of course the original convention was in French —"lawfully" has a slightly different meaning, something like "in accordance with the law." This is a matter that was given consideration by the parliamentary draftsman when he was giving us the form of words. The interpretation——

——which the data commissioner will decide is what is fair and what is lawful. He is the person who makes the decision. I am advised that "fairly" comprehends everything and that the specific attention of the parliamentary draftsman was drawn to Article 5 of the convention. I cannot claim, much as I might be tempted to, that I am better at providing phraseology in legislation of a technical nature than the parliamentary draftsman so I have to be guided by him and I am told that the amendment is unnecessary and inappropriate.

I only referred to it because the Minister said that the draftsman had assumed, had taken it on board, that everybody behaves in a lawful manner. Therefore, I draw it to his attention that it is being used in section 2 (1) (c). Why is it used in section 2 (1) (c) and why not in section 2 (1) (a)? It seems to be quite logical to use the same——

It ceases to amaze me that when the average person in the street picks up one of these Bills or Acts and tries to read it they are totally confused. Ignorance of the law is no defence. How in God's name can you expect an ordinary person in the street to be fully informed of the law when they go about reading an Act or a Bill couched in language that is not used by anybody else or when there are excuses for not putting in things for various reasons? I do not have legal train, ing but I hope I am a reasonable person.

It is stated in section 2 (1) (a) that: "the data or, as the case may be, the information constituting the data shall have been obtained, and the data shall be processed, fairly,". If you put that to any ordinary individual — and that is who we represent — who will decide what is fair and what is not fair? If you want to say that, you must also say that the data should be obtained lawfully and processed lawfully. In other words, it should be made quite clear that you cannot get data about an individual by unlawful means, for example, you cannot put a tap on my phone and get information, put it into the computer and store it. Whatever information is got about me must be obtained lawfully, not "fairly". I could argue that it was only fair that I was able to tap into your phone, that I got the information and that all is fair in love and war and so on. It does not necessarily say that it was lawful for me to obtain it. Why not make it clear in the legislation that information obtained must be obtained by lawful means? I would dearly love to meet this draftsman. It is a pity he does not sit here so that we could have a chat with him occasionally.

If the Deputy will allow me, I will arrange to convey the views of Members to the draftsman and ask him to examine those views. One can only give the benefit of the advice one gets from the professionals whose job it is to give advice and I am advised in this instance that to accept what is suggested might very well cause problems. For instance, regarding Deputy Mac Giolla's question which I accept was asked in good faith, that is, why not have it in in accordance with the law, "in accordance with the law" the continental sense — Deputy Colley knows what I am going to say— means in accordance with a statute or regulation. We might be getting ourselves into an area which we might not want to get into but I will convey to the parliamentary draftsman the views of Members on this particular issue, because it is a drafting problem, and let him know the concern we have here for the work which he has to do and to let him know, too, that we are doing our job as carefully as we can. If, having studied the Deputies' arguments, he feels that an amendment should be considered, then there would be an obligation on me to consider an amendment for the Seanad.

Of course it is and it is the Minister's intention that it can and would only be obtained in the ways described by Deputy Mac Giolla. I am assured, having regard to Article 5 of the convention, that the form of words we have so binds us up with the requirement of the convention on Article 5. That is my intention and I know it is also the intention of the Deputy. It is a question of what is appropriate and proper. I will arrange, if Deputy Barrett allows me, for that direct meeting to take place with the parliamentary draftsman.

Amendment No. 22 in the name of Deputy Spring, amendment No. 23 is an alternative and amendment No. 49 is related. Is it agreed to take amendments Nos. 22, 23 and 49 together for the purpose of debate? Agreed.

I move amendment No. 22:

In page 7, lines 31 and 32, to delete subsection (4) and substitute the following subsection:

"(4) All provisions of this section apply to back-up data.".

Subsection (4) states that paragraph (b) of the said subsection (1) does not apply to back-up data. Paragraph (b) of subsection (1) states that the data shall be accurate, and, where necessary, kept up to date. Later it states that this does not apply to back-up data. I cannot see the necessity for that. If you are keeping your data accurate and up to date and not altering the back-up data when, as Deputy Barrett said on a previous occasion, somebody resigns, a new person coming on the job finds that the back-up data do not tally with the accurate data on the computer. Then he may well change the data that have already been altered and accurate because he would imagine that the data and the back-up data should be the same.

It is absolutely essential that where you have accuracy and up-to-date information, if some of the back-up data are inaccurate or not up to date at least they should be scrapped, deleted, taken out or brought up to date and made accurate. It is highly dangerous to have back-up data different from the data you have on the computer and are giving out for the person. The person goes in with all this Bill behind him to get the information relating to him on the computer, he gets some of the data but does not get what is in the back-up data. Will the Minister explain why it is essential not to have any accuracy or up-to-date information in the back-up data? At least delete the stuff that is out of date or inaccurate in the back-up data.

Subsection (4) makes an exception in the case of back-up data to the requirement that personal data be kept up to date. Any person who uses an automated information system generally makes back-up copies of all computerised files so that if there is damage to the operational file a replacement copy is available.

Back-up copies by nature are not as accurate and up to date as the original file and for this reason could not be expected to comply with the requirements in this regard. This applies to the amendments other than No. 22; it applies to amendments Nos. 23 and 49. For instance, I understand in banks that back-up data are changed every afternoon practically. By definition back-up data are almost always out of date because new transactions are going on. That is the main reason why this is being treated as it is.

I could not accept that because data from a bank of something which took place five years ago are still up to date. That is what happened on that date. That is all accurate information on what happened yesterday or a year ago. I do not take that to be what the Minister is calling back-up data here. There is no mention of back-up copies. This refers to back-up data. I do not think his reference to the banks is an example of something that is not accurate or not up to date. It is supposed to be an accurate account. I know many times banks make errors regularly and continuously and so do we all, but it is supposed to be accurate and up to date. All that is specified in section 2 (1) (b) is that "the data shall be accurate and, where necessary, kept up to date". I agree with that, but then it provides that this does not apply to back-up data. I cannot think of exactly what that means but it is not back-up copies anyway.

Where a thing is inaccurate and new information comes in and shows that what you have is inaccurate, you make it accurate and bring it up to date. Bits and pieces of things all added together are what you have finally and your back-up data is still inaccurate and out of date and you do not have to correct it. That is dangerous. People often check up on what is on their computer through the back-up data. They find differences and do not know why. They may change what is correct into what is incorrect. Why is it necessary to exclude them from scrapping or changing the back-up data? This is computerised and it is not as difficult as if one had to go through numbers of files and change the word "and" here and there or something like that. We are talking about a computerised system.

By definition again, back-up data are almost always out of date because new transactions are taking place and in some businesses the back-up data is there for a reason. In the case of a fire or something like that, they would be there to help them to build a new base. Probably they are stored in another building. They are not kept as up to date as Deputy Mac Giolla thinks because new transactions are going on regularly. In the case of back-up data section 2 (4) makes an exception to the requirement that personal data be kept up to date. Any person using an automatic information system makes back-up copies of all computerised files. If the operational file is ever lost or damaged in any way a replacement copy is available. Back-up copies by nature are not as accurate and up to date as the original files and for this reason could not be expected to comply with the requirements in this regard. I think that is reasonable.

We have not been given sufficient examples and I cannot think of sufficient examples. If you are talking about personal data instead of bank transactions and so on, and mostly we are talking about personal data here, you are talking about keeping personal data up to date. The guy had another child or is now separated and living with somebody else, one of his family died, he is older; all that sort of information is being put in some place on his file. Now the back-up data is different because the original wife is gone and she is still there in the back-up data and she is with somebody else at this stage.

I am only trying to explain because I want to know. The personal data are brought up to date but the back-up data are left as they were. All the wrong people are living with the wrong people and they have the wrong children etc. That is all wrong. Why? Is it very difficult? Would it mean a tremendous amount of work to change the back-up data to make it the same as what you have? I would like some explanation.

I understand Deputy Mac Giolla's comments and in an effort to help clear up any misunderstanding let me say to him that back-up data are kept only for the purpose of replacing other data in the event of their being lost, destroyed or damaged. Many data controllers seek to protect their investment in data by keeping duplicate files in case the equipment or the programmes which processed the data fail. These recovery or back-up data are updated at regular intervals depending upon the activity concerned, its importance and the frequency of transactions. The copies may become out of date as alterations are made in the current data.

It must be emphasised that this exemption covers only duplicate records which are held solely for keeping the data safe and the information held on the original files must be made available to the data subject.

I move amendment No. 24:

In page 7, between lines 42 and 43, to insert the following subsection:

"(6) (a) The Minister may, for the purpose of providing additional safeguards in relation to personal data as to racial origin, political opinions, religious or other beliefs, physical or mental health, sexual life or criminal convictions, by regulations amend subsection (1) of this section.

(b) Regulations under this section may make different provision in relation to data of different descriptions.

(c) References in this Act to subsection (1) of this section or to a provision of that subsection shall be construed in accordance with any amendment under this section.

(d) Regulations under this section shall be made only after consultation with any other Minister of the Government who, having regard to his functions, ought, in the opinion of the Minister, to be consulted.

(e) Where it is proposed to make regulations under this section, a draft of the regulations shall be laid before each House of the Oireachtas and the regulations shall not be made until a resolution approving of the draft shall have been passed by each such House.".

This amendment empowers the Minister for Justice, after consultation with any other Minister concerned, to make regulations providing additional safeguards in relation to personal data about racial origin, political opinions, religious or other beliefs, health or sexual life, or criminal convictions.

These categories of particularly sensitive data are specified in article 6 of the Council of Europe Convention which provides that data of this kind must not be processed automatically unless domestic law provides appropriate safeguards. The convention does not necessarily require different provision to be made in regard to those data as compared with safeguards applicable to other personal data, and we believe that the general provisions of the Bill provide appropriate and adequate safeguards in respect of same. That is why we did not consider it necessary to introduce a provision on the lines of this amendment in the Bill as introduced.

However, it might perhaps be more prudent to provide for the possibility that additional safeguards could prove to be necessary in regard to those particular kinds of data. It might be, for example, that one of the other parties to the convention might impose severe restrictions on processing a particular category of health data and might be reluctant to allow the export to this country of that type of data for processing here unless similar safeguards existed in this country. Article 12 of the convention permits contracting states to restrict transborder data flows in such cases. Accordingly, it seems desirable to provide the authorities here with a reasonable degree of flexibility in reacting to any situations of that kind that might come about in the future, and that is what the amendment sets out to do.

As the regulations providing for these additional safeguards will amend the protection provisions in subsection (1) of section 2, it is being provided that they will not come into operation until a draft of them has been approved by each of the Houses of the Oireachtas.

I move amendment No. 25:

In page 8, subsection (6), line 2, to delete "one month", and substitute "40 days".

These amendments, except amendments Nos. 30 and 39, extend the period allowed to data controllers for complying with requests by individuals to have their names removed from marketing or mailing lists, to have access to personal data about them and to have data rectified or erased. It is proposed to extend that period from one month to 40 days.

This does not mean that individuals will now have to wait an extra ten days. In many, if not most, cases the information, if readily available, can and will be supplied well within one month. However, it has been represented that in some instances, for technical reasons connected with the nature of the processing cycles in businesses using automatic information systems, it may be difficult to produce the information inside that limit and that controllers could be in breach of the obligation imposed on them by the Bill.

Amendment No. 30, on the other hand, proposes to reduce the specified period for compliance from one month to 21 days. This is the period allowed under section 3 to a person who is asked whether he keeps personal data and the purposes for which the data are kept. That is a very simple request and there should be no difficulty in replying to it within 21 days. Indeed, I expect that when the Bill comes into operation all data controllers will prepare a standard document containing a description of the types of personal data kept by them and the purposes for which the data are kept. All they need do on receiving a request under section 3 is to send a copy of that document to the individual making the request.

Amendment No. 39, which proposes to change the period mentioned in section 4(6)(b) from "2 months" to "60 days", is a consequential drafting amendment. All the other time limits are being expressed in days rather than in months.

I move amendment No. 26:

In page 8, subsection (6) (b) (iii), line 7, after "accordingly" to insert "and advise him of the other purpose or purposes for which the data is kept".

I have no objection to the principle of this amendment, although I am not convinced of the necessity for it. The amendment requires a data controller who deletes an individual's name from a direct mailing or direct marketing list to tell him of any other purposes for which the data are kept.

Now, under the Bill as it stands, there is provision for any individual to be told by a data controller, whether registered or not, for what purposes personal data are kept. That is provided for by section 3. If the controller is registered, a list of the purposes will also be set out in the registered entry and available for inspection by the public free of charge.

As I said, I have no objection to the principle of the amendment but I am not convinced of the need for it.

I think it is worth putting something like this in the Bill. Section 2 (6) reads:

Where——

(a) personal data are kept for the purpose of direct marketing, and

(b) the data subject concerned requests the data controller in writing to cease using the data for that purpose,

the data controller had 40 days instead of a month. Subparagraph (i), (ii) and (iii) read:

(i) if the data are kept only for the purpose aforesaid, erase the data,

(ii) if the data are kept for that purpose and other purposes, cease using the data for that purpose, and

(iii) notify the data subject in writing accordingly.

If he has other information he should notify the subject. I cannot see any difficulty in accepting this amendment. Its inclusion would make things clearer. If a data controller has information about a subject, he should know about it and the more often we say that the better. I do not see why the Minister cannot accept this amendment.

I accept the principle of the amendment and the argument put forward. I can prepare the text of a suitable amendment and have it circulated shortly for Report Stage. If the Deputy would agree, having regard to the technicalities of procedure, I will put it in my name to avoid what happened here some time ago.

I move amendment No. 28:

In page 8, to delete lines 8 to 12 and substitute the following:

"3.—An individual who believes that a person keeps personal data shall, if he so requests the person in writing—

(a) be informed by the person whether he keeps any such data, and

(b) if he does, be given by the person a description of the data and the purposes for which they are kept,".

The amendment I am proposing will increase the effectiveness of section 3, which enables individuals to establish the existence of personal data. As the Bill stands, those individuals must be told whether any personal data are kept and, if so, the purposes for which the data are kept. The amendment requires that they be supplied, in addition, with a description of the data.

Furnishing this additional information should not impose any burden on a data controller whereas it is likely to be very useful to individuals who may be using section 3 to establish the existence of personal data as a preliminary to exercising the subject access rights in section 4, particularly in cases where the data controller is not required to register.

I move amendment No. 30:

In page 8, line 13, to delete "one month" and substitute "21 days".

I move amendment No. 31:

In page 8, subsection (1) (a), line 23, to delete "one month", and substitute "40 days".

I move amendment No. 32:

In page 8, subsection (1) (c) (i), line 35, to delete "shall" and substitute "may".

As it stands a fee is required to be paid in every case by an individual who wishes to exercise his right of access to personal data concerning him. While it is reasonable to provide for the reimbursement of expenses incurred in complying with requests for access, there will be some cases, I am sure, where data controllers will not charge any fee and the Bill should provide for that possibility. For example, some data controllers may give free access periodically, say once a year, if only to keep their records up to date. The amendment makes it clear that controllers are not obliged to charge a fee for access, although they are authorised to make a charge if they so wish.

Section 4 (1) (c) (i) states:

A fee shall be payable to the data controller concerned in respect of such a request as aforesaid and the amount thereof shall not exceed such amount as may be prescribed or an amount that in the opinion of the Commissioner is reasonable, having regard to the estimated cost to the data controller of compliance with the request, whichever is the lesser.

Our amendment would insert after "reasonable" the words "having regard to the individual's capacity to pay, and". I have no idea what the fees might be now or in the future. The cost of the acquisition of the information could be placed so high as to put it beyond the capacity of some individuals to avail of the facility of getting the information. That would be an interference with their right to obtain the data. Perhaps the Minister would indicate who is to prescribe the amount. What does it mean? I am asking the Minister to accept that the commissioner should fix an amount which is reasonable, having regard to the capacity of the individual to pay. Some people would find a couple of pounds an exceptional burden but to other people a fee of £10 or £20 for access to information would mean nothing. The fee might be £50, which would certainly be beyond the capacity of somebody receiving assistance of £37 per week. Perhaps the Minister would comment.

I have proposed an amendment to ensure that there is no obligation on the data controller to charge a fee. Even where a charge is made, it must not exceed a prescribed amount or an amount which the commissioner considers reasonable, having regard to the estimated cost to the data controller, whichever is the less. I appreciate the motives behind Deputy Mac Giolla's amendment but I believe it would further complicate the provisions and introduce uncertainty, while not necessarly benefiting the data subject who, if he is to pay a fee, must pay it before the request can be processed.

The maximum amount prescribed as a fee for access should be a reasonable one and should take into account that experience suggests requests for access are relatively infrequent and should not in many cases involve any great difficulty in complying with them. I am sure that some data controllers will give access free since it will have the advantage of ensuring that their data is kept up to date. Others may give free access once a year and charge for more frequent requests. We will have to wait and see.

I am satisfied that the Bill as it stands strikes the right note. There will be a maximum fee which I undertake will be a reasonable one and no data controller can charge even that if it costs him any less to comply with the request for access. The fee is not to exceed the amount to be fixed by regulations made by the Minister for Justice, with the consent of the Minister for Finance, or the estimated cost to the data controller of complying with the request, if that is less. In many instances there may not be a fee and the data controller will, I am sure, take account of the circumstances of the person making the request.

I very much appreciate what Deputy Mac Giolla is trying to accomplish but the difficulties which would arise would be great. My approach is, perhaps, the proper one but we will have to wait and see how it develops in practice. The regulations will have to be approved by the House and the matter can be reviewed during discussion on the regulations.

I recognise that the commissioner is the person who decides what is reasonable and it is possible that he may have his decision on what it costs the data controller to give access to the information. The data controller may claim that very large expenses were incurred. I want to ensure that the commissioner will not base his decision on what it costs but on the capacity of the individual to pay. The Bill is giving each individual certain rights and I want to ensure that the rights are not removed by the imposition of an inordinate fee which would prevent a person availing of his right.

I move amendment No. 35:

In page 8, subsection (1) (c) (ii), lines 46 to 48, to delete "corrects or supplements, or erases all or part of, the data concerned" and substitute "rectifies or supplements, or erases part of, the data concerned (and thereby materially modifies the data) or erases all of the data".

The four official amendments have a common purpose, that is, to avoid data controllers having to take action under the Bill where inaccuracies in personal data come to light but they are quite trivial and inconsequential. As the Bill stands a data controller could be obliged to refund the fee for access if there was a mispelling in the personal data which he had collected. Also under sections 6 (2) and 10 (7) he would be obliged to notify such correction to any person to whom the data concerned were disclosed during the proceeding 12 months. It seems better to tighten up these two provisions so that the data controller will be bound by them only if the correction he makes materially modifies the data in question. He will of course continue to be obliged to correct the data but not to go further and proceed to refund the fee or to notify the disclosees.

In reply to Deputy Barrett, in the event of the person seeking information, then being given information that was subsequently corrected, the person who had received incorrect information would be notified that the correction had taken place so he would not be misled. I presume that is the point the Deputy was making.

It is obligatory on the data controller to notify people that a mistake had been made. What I am saying is that surely I must have a right to get a copy of what was there prior to correction and then I can decide for myself to tell people who may have seen the incorrect information. I do not see why we should fear a data controller having to supply the incorrect information. I cannot see why we should not insist on that. It is the right of an individual.

It is there in section 6 (2). I certainly have some sympathy with what the Deputy has said. I am not convinced that the proposed amendments would be justified. I agree that it is important that data subjects should be given a copy of the information kept about them on the date of the receipt of the request for access and that there should be no tinkering with data after that with a view to concealing a breach of the data protection provisions. It does have what I consider to be a reasonable exception for any amendments that would have been made irrespective of receipt of the request. In other words, ordinary business operations, for example, crediting and debiting accounts can continue uninterrupted while the request for access is being processed. The amendment would seem to me to require data controllers to react instantly to a request for data and to produce a copy of the data immediately in every case. That would pose no problem in a small business but it certainly would in a large commercial institution or Government Department and could disrupt operations, especially if there were any difficulties in locating the data on the basis of the information supplied by the data subject. I appreciate that the object is to prevent any mending of the hand by data controllers after a request for access comes in, but I believe that subsection (5) adequately achieves that without imposing any unnecessary burden on the data controllers.

I move amendment No. 38:

In page 9, subsection (6) (a), line 36, to delete "‘one month'", and substitute "‘40 days'".

I move amendment No. 39:

In page 9, subsection (6) (a), line 37, to delete "‘2 months'", and substitute "‘60 days'".

I move amendment No. 40:

In page 9, subsection (7), line 43, after "section", to insert "shall be in writing and".

This amendment requires that a refusal by data controllers of a request for subject access must be in writing.

I move amendment No. 41:

In page 10, subsection (8) (a), line 4, to delete "restricted or excluded" and substitute "modified by the regulations".

I move amendment No. 42:

In page 10, subsection (8) (a), line 6, to delete "in the regulations" and substitute "therein".

I move amendment No. 43:

In page 10, subsection (8), between lines 12 and 13, to insert the following:

"(c) Whenever it is proposed to make regulations under paragraph (a) of this subsection a draft of the regulations shall be laid before each House of the Oireachtas, and the regulations shall not come into effect until a resolution approving of the draft has been passed by each such House.".

This relates to the regulations in paragraph (a) of subsection (8) which is on page 10. This amendment proposes that when it is proposed to make such regulations, a draft of the regulations shall be laid before each House of the Oireachtas and the regulations shall not come into effect until a resolution approving of the draft has been passed by each such House.

This is an amendment we have been attempting to put in and which has been put in one or two Bills instead of the type of measure which is normally in the Bill that such a regulation will come into effect unless the Oireachtas, in the mean-time, opposes it. What we are saying is that it must actually be brought before the House and must be passed into effect by resolution of the House approving of the draft before it becomes part of the Bill.

My amendment, which is No. 113, relates to section 31 which is a general overall section relating to the whole Bill. My amendment is saying that a draft of every regulation should be laid before the Houses of the Oireachtas and they should not come into effect until they have been passed by each House. I know that the Minister has accepted other amendments of this type to, for instance, the Intoxicating Liquor Bill, and I would ask him to consider doing it in this instance also because regulations which will be put into effect under this Bill will be extremely important and should be scrutinised by the Oireachtas. It is a new area of legislation. We are feeling our way along and I believe that we should have scrutiny at every point in the process if at all possible.

The Bill provides in section 31 that with one exception every regulation made under it must be laid before both Houses of the Oireachtas. If a resolution annulling it is passed by either House within the next 21 days on which the House has sat after the regulations have been laid before it, the regulations shall be annulled. That is the normal provision for regulations which are of a procedural or technical nature or whose scope is clearly delimited by the Bill and which are required to give full and proper effect to its objects in cases where detailed provision has to be made to cover particular circumstances requiring a measure of flexibility which cannot be achieved under the normal legislative process.

In my view the regulations to be made under this Bill comply with these norms and I do not see how we would be justified in departing from them. There is one exception to what I have said and it relates to the regulations proposed to be made under the amendment made to section 2 regarding the provision of additional safeguards relating to certain sensitive personal data. I have provided for positive approval of these regulations by each House because power is being given to amend the data protection provisions in that case. To have all other regulations subjected to positive approval by each House would I suggest be quite unnecessary and, if adopted, would impose undue pressure on parliamentary time.

As regards amendment No. 44 in the name of Deputy Spring, I should make it clear that there can be no question of regulations made under section 4 (8) having retrospective effect. In fact, these regulations must be enforced when the right of access provisions of the Bill come into operation. Otherwise, patients could have an unrestricted right of access to their health data and that, by causing serious harm to them in some cases, would not accord with the provision of the convention which envisages exemptions to protect the rights of data subjects.

Moreover, these regulations can only modify the right of access where the Minister, after consulting with the other Ministers concerned, considers it desirable to do so in the interests of the data subjects concerned. He cannot make modifications in that right for any other reasons, such as administrative convenience and the like, and if he does his actions would be subject to judicial review. For these reasons I consider that the provisions in regard to regulations are reasonable and in accordance with established practice having regard to the type of regulations I have described which are involved in this legislation.

I move amendment No. 45:

In page 10, subsection (1), lines 28 to 36, to delete paragraph (c).

The provision here does not deny an individual in prison the right of access. It states that access can be refused if to grant it would be prejudicial to the security of or the maintenance of good order and discipline in the institutions mentioned. If any individual considers he is being refused access to data and that the data controller is unjustifiably hiding behind this or any other provision in section 5 (1), he can complain to the data commissioner who has been given adequate powers to investigate the complaint. It will be for the prison authority seeking to avail of the exemption to convince the commissioner that access would be prejudicial to the security of or maintenance of good order and discipline in the institutions mentioned if it were to be granted in any particular case. Therefore, I cannot accept this amendment.

Does that right of appeal also apply in respect of paragraph (a) of subsection (1) which contains a provision about entitlement to refuse in the likelihood of prejudice to any of the matters set out in paragraph (a) of subsection 1? Can the Minister tell us who will decide on whether it would be prejudicial to do so and is there a right of appeal?

I move amendment No. 46:

In page 10, subsection (1), lines 37 to 51, to delete paragraph (d).

The provisions of subsection (1) (d) are intended to cover malpractices in respect of financial services which fall short of criminal offences. The function of financial regulation is imposed on several bodies, such as the Central Bank, the Minister for Industry and Commerce, the Council of the Stock Exchange, the official assignee in bankruptcy and so on. There are times when subject access to the personal data kept by these bodies would likely be to the detriment of the discharge of those regulatory or investigative functions.

The exemption from the right of access given by paragraph (d) is limited in two respects. First, the exemption is granted only in respect of those functions which the Minister for Justice specifies by regulations to be, in his opinion, designed to protect members of the public from financial loss, firstly, caused by dishonesty, incompetence or malpractice on the part of persons concerned in the provision of banking, insurance, investment or other financial services or in the management of companies or similar organisations and, secondly, caused by the conduct of persons who have been at any time adjudicated to be bankrupt. Also, the exemption is granted only to the extent that access would be likely to prejudice the proper performance of those functions. I think this is a necessary provision to protect the public against the kind of dishonest practices I have referred to.

Let me put it to the Minister that if the various individuals or bodies he has referred to are performing the statutory functions correctly they would only need to maintain accurate records with regard to instances of dishonesty, incompetence or malpractice. If accurate records are maintained, no harm can be done to the general public if someone who believes they are the subject matter of such records or data has access to it. There is always the possibility that such data may contain a comment or view about someone's competency or dishonesty which is not accurate and that person, as opposed to protecting the general public, could be severely prejudiced in their day-to-day lives and in their business lives because wrong views about them are held by people acting in a supervisory position.

I suggest that where people acting in supervisory positions retain data of a damning nature about someone, that person should be entitled to have access to that data. If the data is correct and truthful there is nothing they can do about it but if the data is untruthful then clearly the people who are meant to protect the public are not doing their job properly and are severely prejudicing an individual or a body in their working operations. I ask the Minister to indicate more specifically what particular prejudice he would see arising and to give me some specific examples as a result of allowing data subjects access to this information.

I can readily see why this amendment was put down. Basically what we are trying to do here is to prevent damage or harm to the investigative procedures. If the question of damage or harm to the investigative procedures does not arise, and this would be decided upon by the commissioner, the information would be readily made available. The commissioner's decision is open to challenge, as the Deputy is aware, and he would have to take into account what is involved here. I think it is fairly reasonable as it stands.

I am not going to press this matter as we do not have a great deal of time left to deal with the remainder of the Bill. All I would say to the Minister is that I have considerable reservations about the need for this particular exemption. I can see the need for other exemptions. It is one thing in the context of investigative procedures but in the context of a supervisory body retaining information which they believe indicates someone is guilty of incompetence, malpractice or dishonesty, it would seem that there is a case to be made in respect of bodies acting in a supervisory capacity to have hanging over them the threat that if they retain information which is inaccurate, that people may act upon, that that information can be discovered and that the data subjects could get access to it. That would ensure that these bodies operated efficiently and properly and did not simply retain in their files gossip and rumour about people as opposed to specific substantive information. Because we do not have much time to tease out these matters I will not push this any further. Perhaps the Minister would have regard to this section when the Bill is going through the Seanad.

I move amendment No. 47:

In page 10, subsection (1), between lines 51 and 52, to insert the following:

"(e) in respect of which the application of that section would be contrary to the interests of protecting the international relations of the State,".

The first of these amendments adds to section 5 a fresh category of personal data to which the right of access given in section 4 will not apply. Disclosure of the data in question to the data subject would, in the words of the amendment, "be contrary to the interests of protecting the international relations of the State". Article 9a of the Convention sets out the major interests of the State which may require exceptions from the basic principles of data protection. These are the protection of State security, public safety, the monetary interests of the State and the suppression of criminal offences.

The Bill has given effect to these exceptions by excluding personal data, involving State security, from the Bill completely and by permitting exemptions from the right of access in any particular case where the prevention of crime or the interests of the Revenue would otherwise be prejudiced. It seems, however, on further consideration that these exceptions are not sufficiently comprehensive in so far as they would allow a right of access to personal data in circumstances where that could adversely affect the international relations of the State. The official commentary on the Convention recognises this in paragraph 55, and I quote:

The notion of "State security" (in Article 9) should be understood in the traditional sense of protecting national sovereignty against internal or external threats, including the protection of the international relations of the State.

For that reason we thought it advisable to propose a specific exemption from the right of access for any personal data in any particular case where its disclosure would be contrary to the interests of protecting our international relations.

Amendment No. 63 to section 8 is a corollary of the amendment to section 5. Section 8 lists those cases where the restrictions in the Bill on data controllers disclosing personal data to third parties will not apply — where the Garda may need information for security purposes or the prevention of crime but where disclosure is urgently needed to prevent injury to someone and so on. Because the protection of our international relations is equally as important as State security, it is right and logical that a data controller should also be free, if he so wishes, to disclose information to the proper authority when this is required to protect the international relations of the State. That is the effect of amendment No. 63.

I move amendment No. 48:

In page 10, subsection (1), between lines 51 and 52, to insert the following paragraph:

"(e) consisting of an estimate of, or kept for the purpose of estimating, the amount of the liability of the data controller concerned on foot of a claim for the payment of a sum of money, whether in respect of damages or compensation, in any case in which the application of the section would be likely to prejudice the interest of the data controller in relation to the claim,".

This amendment is being moved to meet a concern expressed by the Irish Insurance Federation that section 4 as it stands could prejudice the interests of insurance companies in dealing with claims. It is a regular practice for insurance companies to put a provisional estimate on a claim being made either by a policyholder or by a third party under, say, a motor policy. This is done for both financial and management reasons. It is necessary for the companies to know at any given time the extent of their possible liabilities under existing claims so that they can make reasonable and adequate provisions for them. The provisional estimate is also used by them as a basis on which to negotiate the settlement of a claim.

Obviously if details of this estimate were to be made available to the person claiming, their bargaining position would be completely eroded. It has been considered that these estimates were covered by the exclusion in paragraph (e) of section 5 (1) — the exclusion of personal data in respect of which a claim of privilege could be maintained in court proceedings in relation to communications between a client and his legal advisers. However, it appears that these estimates are prepared shortly after a claim is received and before any communication takes place with the legal departments. Indeed many claims are settled without any question of legal proceedings arising.

This kind of problem could also arise for other companies or individuals against whom a claim for damage or compensation might be made and who might seek advice as to what would be a reasonable estimate of their liability. The amendment has, therefore, been drafted in general terms so as to apply to any estimates of possible liability or to personal data kept for the purpose of making these estimates, irrespective of whether the data controller is an insurance company.

In all those cases the right of access conferred by section 4 will not apply. However, there is an important qualification to that, similar to the qualification in each of the proceeding paragraphs of section 5 (1), that is, that the right of access will apply unless it would be likely to prejudice the interests of the data controller in relation to the claim. That qualification may not be as significant in this context as in the earlier paragraphs but it is a limiting factor which could in some situations require access to purely factual reports on which the provisional estimates are based.

I move amendment No. 49:

In page 11, subsection (1), line 8, to delete paragraph (g).

We are once again discussing the backup data but on this occasion I have the support of Deputy Shatter and Deputy Spring though Deputy Spring has not been much support as he has not been here all day but I am sure Deputy Shatter has the full power of Fine Gael behind him. Perhaps the Minister will alter his views, as a result of that last minute attack, on the failure to change the backup data.

I move amendment No. 52:

In page 11, subsection (1), line 34, to delete "one month", and substitute "40 days".

I move amendment No. 53:

In page 11, subsection (2), line 46, to delete "one-month", and substitute "40 days".

I move amendment No. 54:

In page 11, subsection (2) (b), to delete line 49 and substitute:

"(b) if such compliance materially modifies the data concerned, any person to whom the data were disclosed".

I move amendment No. 57:

In page 12, lines 3 and 4, to delete "his compliance with the provisions of this Act in relation to".

This amendment makes it clear that the duty of care imposed by the section on data controllers will apply regardless of whether they are complying with the data protection provisions. Amendments Nos. 58 and 59 are consequential and include a drafting change involving the substitution of "dealing with" for "processing, keeping, use or disclosure", Apart from being simpler, this expression has the advantage of removing any possible doubt about the application of the section in cases where a breach of the duty of care towards a data subject arises in the rectification or erasure of personal data.

I move amendment No. 58:

In page 12, line 4, after "collection" to insert "by him".

I move amendment No. 59:

In page 12, lines 5 and 6, to delete "the processing, keeping, use or disclosure of" and substitute "his dealing with".

I move amendment No. 60:

In page 12, line 7, to delete "concerned:" and substitute "concerned, which duty may be construed to allow a claim fo physical and/or financial loss, and for nervous shock, if breached".

I put down this amendment because the section, as it is framed, makes no reference to the construction that is to be put on this duty of care that is owned and it is not clear whether it would encompass economic or financial loss. I should like the Minister to address that.

Section 7, as drafted, will allow a claim, as outlined, to the extent that the law of tort provides for damages in respect of any of these matters. All the section does is fill any gap there may be in the present law of tort as regards the existence of a duty of care between a data controller or processor and the data subject concerned. If damages can now be awarded under the particular headings referred to then the data subject will be entitled to them under the provisions of this section.

The important point is that section 7 does not change in any way the existing principles governing the award of damages in tort cases. Indeed it would be undesirable if the provisions of the Bill were to effect any change in the principles governing the general law of tort that would be applicable only to breaches of a duty of care by data controllers or processors.

For those reasons I am unable to accept the amendment. But I have no reason to think that the existing law of tort, as extended by the provisions of section 7, would not deal adequately with any claim for damages that might arise in regard to data protection.

As it is now 7 p.m. I am required, in accordance with the order of the House today, to put the following question: "That the amendments set down by the Minister for Justice for Committee Stage and not disposed of, are hereby agreed to and, in respect of each of the sections undisposed of — other than section 13 — that the section or, as appropriate the section as amended, is hereby agreed to in Committee; that the First and Second Schedules, the Third Schedule, as amended, and the Title are hereby agreed to in Committee; that the Bill, as amended, is hereby reported to the House; that the amendments set down by the Minister for Justice to the Bill on Report Stage, are hereby agreed to, that Report Stage is hereby completed and the Bill is hereby passed."