The Minister of State is welcome as are his officials. The purpose of this meeting is to consider Committee Stage of the Data Protection (Amendment) Bill 2002.
Data Protection (Amendment) Bill 2002: Committee Stage.
I move amendment No. 1:
In page 6, between lines 41 and 42, to insert the following:
"(iii) by the substitution of the following for the definition of 'direct marketing':
' "direct marketing" includes direct mailing other than direct mailing carried out in the course of political activities by a political party or its members, or a body established by or under statute or a candidate for election to, or a holder of, elective political office;',".
The aim of this amendment is to exclude from the definition of "direct marketing" any direct mailing carried out in the course of political activities by political parties or their members or by candidates for, or holders of, elective political office. The activities of a body established by or under statute are also excluded, for example, mailing by the Referendum Commission in advance of a referendum. This amendment is in keeping with other provisions already included in the Bill which recognise the importance of elections, political parties and political activity. The right to object to processing covered in a new section, section 6A, does not apply to processing carried out in the course of electoral activities.
Political activity during elections is an essential cornerstone of our democratic system. I expect members to agree that the citizen who has a right to vote also has a responsibility and a duty to inform himself or herself about the aims and policies of rival candidates.
Can telephone canvassing be excluded from the definition of direct marketing?
The issue of the telecommunications sector using public documents is to be dealt with in separate legislation under the aegis of the Department of Communications, Marine and Natural Resources, which includes broadcasting as part of its brief. Directive 97/66 concerning the processing of personal data and the protection of privacy in the telecommunications sector was adopted on 15 December 1997 and has been transposed into domestic law by means of the European Communities (Data Protection and Privacy in Telecommunications) Regulations 2002. These regulations were made by the Minister for Public Enterprise on 8 May 2002. The task of enforcing the data protection requirements was allocated in the regulations to the Data Protection Commissioner.
On 12 July 2002 Directive 2002/58/EC on privacy and electronic communications was adopted by the Council and the European Parliament. It replaces Directive 97/66 and member states are required to give effect to its provisions by 31 October 2003. The relevant policy Department is now the Department of Communications, Marine and Natural Resources.
I am informed that there is a more strict regime in relation to telephone canvassing, of which I was not aware, but it is obviously alluded to in the statutory instrument I have mentioned. This is to be replaced and modernised as a result of the new directive, which has to be in place by 31 October 2003.
Will the definition of "direct marketing" be included in that directive?
I am not sure about that, but I will clarify it for the Deputy.
I am not clear as to why it excludes political activities. Will the Minister of State explain it again?
The aim of the amendment is to exclude from the definition of "direct marketing" any direct mailing activities which are carried out in the course of political activity by political parties or Members or by candidates for, or holders of, elective political office. The activities of a body established by or under statute are also excluded, for example mailing by the Referendum Commission in advance of a referendum. This amendment is in keeping with the other provisions already included in the Bill, which recognise the importance of elections, political parties and political activity. For example, the right to object to processing in the new section 6A does not apply to processing carried out in the course of election activities.
Political activity and elections are essential cornerstones of the democratic system. The citizen who has a right to vote also has a responsibility and duty to inform himself or herself about the aims and policies of rival candidates.
The position under the legislation is that if people want to use the electoral register for direct marketing purposes, they have to inform the people on the register of their right to object to their names being used. They can object if they so wish. We are excluding the use of the register for direct mailing for political purposes.
I move amendment No. 2:
In page 8, to delete lines 22 and 23 and substitute the following:
(a) data kept solely for the purpose of historical research, or
(b) other data consisting of archives or departmental records (within the meaning in each case of the National Archives Act 1986),
and the keeping of which complies with such".
This amendment aims to make clear that the exemption in respect of data kept solely for the purpose of historical research includes archives or departmental records as defined in the National Archives Act 1986. It is obviously important to ensure that such archives and records are safeguarded for research purposes. I expect that the Data Protection Commissioner and the director of the National Archives will work together to ensure clear and consistent guidelines in this area. I am confident that this co-operation will ensure adequate protection for all archival material.
The amendment extends the exemption for historical research to ensure that archival and departmental records are included.
I move amendment No. 3:
In page 8, paragraph (c), to delete lines 30 to 33 and substitute the following:
" '(5) (a) A right conferred by this Act shall not prejudice the exercise of a right conferred by the Freedom of Information Act 1997.
(b) The Commissioner and the Information Commissioner shall, in the performance of their functions, co-operate with and provide assistance to each other.’.”.
This amendment replaces an existing subsection with another that relates to an entirely different matter. The text of the proposed amendment deals with the interface between data protection and freedom of information regimes. It provides that a right under data protection law shall not prejudice the exercise of a right under the Freedom of Information Act 1997. For example, if a person fails to obtain access to personal data under the Data Protection Act, perhaps because it is manual data not recorded in a relevant filing system, he or she may, depending on the circumstances, have a right to gain access to that data under the 1997 Act.
To ensure an adequate level of communication and co-operation between the Data Protection Commissioner and the Information Commissioner in relation to the disclosure of personal data, the amendment also provides that the commissioners shall provide assistance to each other in the performance of their respective functions. I understand that both commissioners have been consulted and both have indicated support for the proposed amendment.
The text being deleted to make way for this amendment was originally included in the Bill to address a particular problem. This problem involved the use of public registers, such as election registers, for direct marketing purposes. The solution proposed originally was to remove an existing exemption whenever such data was used for a purpose other than that for which it was collected.
As I mentioned on Second Stage, misgivings were expressed subsequently by, among others, the Data Protection Commissioner and the Department of Enterprise, Trade and Employment on behalf of the Companies Registration Office. They were concerned that the proposed amendment could unintentionally restrict the use of certain data in a manner that would not be in the public interest. Following a review of the options, it has been decided to drop the original proposal and address the direct marketing problem by inserting an appropriate amendment, amendment No. 6, in section 3.
What would be the difficulty if this amendment was not inserted?
If somebody made an application for information under the Freedom of Information Act and could not get what he or she wanted under that Act, his or her entitlements under the Data Protection Act were unclear. This makes it clear that the two Acts are separate. If one cannot gain access to information under one Act, one may be able to do so under the other.
I move amendment No. 4:
In page 8, paragraph (a), line 42, to delete "and lawfully".
It is not necessary to state that data shall be processed lawfully in paragraph (a) because the Bill later sets out the detailed conditions under which non-sensitive and sensitive personal data may be processed. Paragraph (c)(i) already states that the data shall have been obtained only for one or more specified, explicit and legitimate purposes. The words used in the EU directive in this context are similar to those in the Council of Europe convention, on which the 1998 Act is based. Therefore, the existing wording in the 1998 Act should also remain unaltered. We are just reverting to the original terminology.
I move amendment No. 5:
In page 9, to delete line 29 and substitute the following:
"(c) by the deletion of subsection (6), and”.
The need to delete this subsection in the 1988 Act was overlooked when the Bill was being drafted. The subsection was originally included in the 1988 Act to allow for the possibility of additional safeguards in respect of the handling of sensitive personal data. However, the provision was never used and no regulations were ever made to provide such additional safeguards. The provision is now superfluous since specific safeguards are set out in the Bill for the processing of sensitive personal data.
I received some proposed amendments from the Construction Industry Federation. I could submit these amendments and the Minister of State's officials could consider them.
I am sure the Minister of State and his officials could consider them for Report Stage——
——and perhaps the Deputy will converse with them to enable them to consider their merit.
Most of them pertain to section 3. I will submit them to the Minister of State.
I have no objection to that. If Deputy Deasy forwards the list of amendments to me, we will consider them for Report Stage. Any we consider worthy of inclusion, we will include, and any we do not consider worthy of inclusion can be tabled by the Deputy on Report Stage.
I move amendment No. 6:
In page 10, line 29, after "data" to insert ", including personal data that is required by law to be made available to the public,".
The proposal to insert the words, "including personal data that is required by law to be made available to the public", is intended to address the use of public data such as registers for direct marketing purposes. The amendment means that where personal data obtained from such a source is to be used for direct marketing, the persons to whom the data relate must be informed by the data controller that they may object, free of charge, to any such processing.
This amendment will effectively address the difficulties which have arisen over the years and which have given rise to complaints to the Data Protection Commissioner without any of the unintended consequences identified in relation to the original proposal. I referred to this amendment when I dealt with amendment No. 3.
This amendment provides a further protection.
This amendment provides that if a marketing company uses the electoral register as the basis of a directory of names for the purposes of forwarding its material, it must get permission from all the people on that register to allow their names to be used. The company must write to inquire if people object to their names being used and people can reply, free of charge, to the effect that they do object, in which case the matter would be effectively concluded.
This was the subject of an EU directive.
Yes. It was the subject of one in respect of marketing companies.
Can the company inquire from people if it has permission to use their name?
The company is obliged to write to people asking them if they have an objection to their name being used.
Amendment No. 9 is related to amendment No. 7 and they may be taken together by agreement.
I move amendment No. 7:
In page 10, to delete lines 41 to 51 and substitute the following:
"(a) the data subject has given his or her consent to the processing or, if the data subject, by reason of his or her physical or mental incapacity or age, is or is likely to be unable to appreciate the nature and effect of such consent, it is given by a parent or guardian or a grandparent, uncle, aunt, brother or sister of the data subject and the giving of such consent is not prohibited by law,”.
Amendments Nos. 7 and 9 deal with the issue of data subject consent. The EU directive which forms the basis of this Bill provides that the processing of non-sensitive and sensitive personal data is permitted with the consent of the person concerned, that is, the data subject. In the Bill we propose that consent should be explicit in relation to non-sensitive and sensitive personal data.
As I mentioned on Second Stage, the directive does not prescribe explicit consent when it comes to processing non-sensitive data. In short, the Bill as it stands exceeds what is required by the directive. Following concerns expressed by a range of interests including, most recently, the legal affairs group of the Information Society Commission, I propose to drop the requirement for explicit consent in relation to non-sensitive data.
The directive is unclear on whether the consent required for the processing of non-sensitive data needs to be qualified in any way. Article 7 of the directive refers to the data subject unambiguously giving consent, but the corresponding recital refers only to the consent without any reference to unambiguous. It appears that a number of member states have opted to use the word "consent" without any qualifying adjective. For reasons of clarity, I propose to provide for consent in the case of non-sensitive data but for explicit consent where sensitive data is to be processed.
The other issue that was raised following publication of the Bill related to the age of data subjects. As the Bill stands, the consent of a parent or guardian is required where the data subject is under the age of 18. However, many people of this age are in third level education or working and parental consent is neither feasible nor necessary. I propose that the consent of a parent or guardian should be required only where the data subject is unable to do so for reasons of physical or mental incapacity or age. The age will vary according to the subject.
The Missionaries of the Sacred Heart were in touch with the Minister of State on 29 October regarding section 4 in relation to section 2A of the principal Act, but I do not believe their concerns were taken on board. I will read the concerns they outlined. They stated that they are concerned with the current wording of section 4 in relation to section 2A(1) of the principal Act because they believe that the literal interpretation of the phrase "explicit consent" could be understood to mean that data subjects would be required to opt out of giving permission to data controllers to use their data for direct marketing purposes. They are conscious of the interpretation of the EU directive by the British Government where the word "consent" is interpreted as opt out. They state that in view of the level of business between the two parts of Ireland and between Ireland and the UK, it would be quite problematic to have two different interpretations of the same directive in respect of legislation in both countries.
The Deputy mentioned this matter to me prior to the meeting. My understanding is that we have acceded to what they wanted. They wanted us to drop the term "explicit" in relation to non-sensitive data, which is precisely what we have done.
Therefore, the Minister of State has dealt with their concerns.
In relation to, say, Thom's Directory, would it be able to publish its directory, in that, the information therein does not seem to be sensitive?
It appears that Thom's Directory is based on the electoral register and it can continue to use the electoral register. However, I am advised there is a problem on the horizon in that there is a new provision whereby people can also opt out of being included in the electoral register in the future.
They can opt out rather than opt in.
They can opt out.
I move amendment No. 8:
In page 11, line 31, after "Government," to insert "or".
This is a simple drafting amendment.
I move amendment No. 9:
In page 12, to delete lines 8 to 20 and substitute the following:
"(i) the consent referred to in paragraph (a) of subsection (1) of section 2A (as inserted by the Act of 2003) of this Act is explicitly given,".
I move amendment No. 10:
In page 13, between lines 29 and 30, to insert the following:
"(vi) the processing is necessary-
(I) for the administration of justice,
(II) for the performance of a function conferred on a person by or under an enactment, or
(III) for the performance of a function of the Government or a Minister of the Government,".
This amendment will permit the processing of sensitive personal data on a number of grounds not originally included in the Bill. These grounds relate to the administration of justice in the performance of functions conferred by a statute or required for the performance of a function of the Government or a Minister of the Government. It will mean, for example, that a court may use data relating to the physical or mental health of previous convictions of a person appearing before it.
These particular forms of processing have not been mentioned specifically in the Bill, as proposed, because it had been intended to provide for them in regulations to be made under paragraph (x) at a later date. However, the point was made on Second Stage by Deputy Stanton that introducing statutory provisions by means of secondary legislation was less desirable than making explicit provision in the proposal for primary legislation. I agree with Deputy Stanton that as a general rule and whenever possible detailed provision should be included in primary legislation and that is why I decided to take his point and include this provision in primary legislation.
I move amendment No. 11:
In page 14, to delete lines 24 to 219 and substitute the following:
"(xi) the processing is necessary for the purpose of the assessment, collection or payment of any tax, duty, levy or other moneys owed or payable to the State and the data has been provided by the data subject solely for that purpose,".
This is a drafting amendment. The Office of the Revenue Commissioners has requested that this paragraph be redrafted in order to encompass the full range of Revenue activities. Apparently, the original paragraph did not catch all that the Revenue does. It suggested an amendment and put forward the terms of it to encompass the full range of its activities.
Levies are covered under it.
Amendments Nos. 14 and 20 are related to amendment No. 12 and they may be taken together by agreement.
I move amendment No. 12:
In page 14, line 42, after "regulations" to insert "made after consultation with the Commissioner".
The aim of these three amendments is to ensure adequate consultation with the Data Protection Commissioner prior to the Minister making the regulations provided for in each case. Such consultation with the commissioner is already provided for elsewhere in the Bill in relation to other matters and would appear to be fully justified in these instances also.
I move amendment No. 13:
In page 14, between lines 51 and 52, to insert the following:
"(3) The Minister may by regulations make such provision as he considers appropriate for the protection of data subjects in relation to the processing of personal data as to-
(a) the commission or alleged commission of any offence by data subjects,
(b) any proceedings for an offence committed or alleged to have been committed by data subjects, the disposal of such proceedings or the sentence of any court in such proceedings,
(c) any act or omission or alleged act or omission of data subjects giving rise to administrative sanctions,
(d) any civil proceedings in a court or other tribunal to which data subjects are parties or any judgment, order or decision of such a tribunal in any such proceedings,
and processing of personal data shall be in compliance with any regulations under this subsection.".
It had originally been intended to introduce provisions in relation to this matter by means of regulation. What I am proposing here is that more specific provision be made for regulations in this area: I am introducing a provision that will govern the type of regulations that are still to be made. The subsection I am proposing by means of this amendment relates to the handling of sensitive personal data concerning offences, administrative sanctions and judgments or decisions in civil proceedings. It may be entirely reasonable and necessary in certain circumstances for a data controller to keep a record of offences or sanctions, but due to the sensitivity of such data the record should be treated and handled with care.
Of course, some data relating to offences and so on may already be in the public domain, but other data may not be. For example, an insurance company may be fully justified in retaining material of this nature for the purpose of guarding against fraudulent claims. Detailed regulations will be introduced to deal with this type of data, but they will be introduced within the terms of this new subsection.
Amendment No. 14 has already been discussed with No. 12.
I move amendment No. 14:
In page 17, subsection (4), lines 27 and 28, to delete "prescribed by regulations made by the Minister" and substitute "specified in regulations made by the Minister after consultation with the commissioner".
Amendments Nos. 15 and 17 are related and may be discussed together by agreement. Is that agreed? Agreed.
I move amendment No. 15:
In page 18, line 10, after "data" to insert "unless the communication of that information is contrary to the public interest".
I am proposing to take amendments Nos. 15 and 17 together because they deal with the issue of confidentiality of sources and information supplied in confidence. I am concerned that the new requirements on a data controller to disclose whatever information is available on the sources of data could have unintended and serious consequences. One of these might be a profound reluctance to volunteer information in a variety of situations where the availability of that information could have beneficial consequences. I am referring to situations in which a well-intentioned and concerned person might have a suspicion of wrongdoing of some sort and may wish to bring that to the attention of the authorities. The possibility that sources might be disclosed could deter the giving of such information and this would not be in the public interest. For these reasons I am proposing the insertion of a public interest test in order to protect certain sources of information.
Amendment No. 17 relates specifically to section 4(8) of the 1988 Act, which deals with access to personal data concerned with mental or physical health or data kept for, or obtained in, the course of social work. It provides for the making of regulations restricting access to such data where the Minister considers it desirable in the interests of data subjects to do so. Such restrictions are currently set out in the Data Protection (Access Modification)(Health) Regulations 1989 and the Data Protection (Access Modification)(Social Work) Regulations 1989. The effect of the regulations relating to health and social work is that health data, or data obtained in the course of carrying out social work, shall not be supplied to a person if it would be likely to cause serious harm to the physical or mental health or emotional condition of that person. Arising from concerns raised by the Department of Health and Children, I am proposing that the grounds for restricting access be broadened to include those of public interest. This is also consistent with the public interest provisions of the Freedom of Information Act 1997.
Could the Minister of State expand on his reference to certain sources of information?
To give an example, in the context of social work or abuse of children, somebody making a complaint, raising suspicions or bringing information to the attention of the authorities should be protected. The data controller should have the discretion to protect those sources in order to encourage people to come forward. If the data controller - in this instance, the relevant health board - decides that the information should not be issued in the public interest, the person seeking the information will have an appeal to the Data Protection Commissioner. The public interest test applies under the freedom of information legislation in the same way, resulting in an appeal to the Information Commissioner.
It could be obtained for other means - for example, by lawyers - but the phrase "in the public interest" could apply to anything, so the Minster of State is trying to tighten up the provisions about public interest.
The intention is that the source will normally be disclosed, unless it is clearly in the public interest not to disclose it. That decision will be taken in the first instance by the data controller - the person in possession of the data - but the person seeking the information, if the decision goes against him or her, may appeal to the data commissioner.
Where there is personal information or a personal opinion involved in relation to a person, how does the Minister of State foresee this provision being applied? Supposing I, as a social worker or teacher, make a report in relation to somebody, and that person then receives that information, I could be intimidated based on the fact that the person has seen what I said about him or her. It is my professional assessment, but it may hurt the person nonetheless. Will that kind of consideration be given to the release of information so that intimidation will not be possible?
Coincidentally, that point is the subject of the next amendment.
I move amendment No. 16:
In page 18, to delete lines 38 to 44 and substitute the following:
"(b) Paragraph (a) of this subsection does not apply-
(i) to personal data held by or on behalf of the person in charge of an institution referred to in section 5(1)(c) of this Act and consisting of an expression of opinion by another person about the data subject if the data subject is being or was detained in such an institution, or
(ii) if the expression of opinion referred to in that paragraph was given in confidence or on the understanding that it would be treated as confidential.',".
I am also concerned that the provision whereby expressions of opinion by another person may be released without obtaining the consent of that person may create pressure to release material that was given in confidence or under the understanding that it would be treated as confidential. The amendment I am proposing to address this is self-explanatory. The Freedom of Information Act already restricts access to information given to a public body in confidence or on the basis that it would be treated as confidential if its disclosure would be likely to prejudice the giving of further information from the same person or other persons. Perhaps that addresses Deputy McGrath's concerns: if the information or opinion was given in confidence, the data controller cannot inform the subject of the information about what it was. Either side may appeal to the data commissioner.
I can foresee difficulties with this one. I had a client not so long ago who wanted information pertaining to himself. He discovered that he had been hospitalised on one occasion because a professional had indicated that he had an alcohol problem, which he disputed. He was sore about finding that this was on his file and wondered what the evidence was and what tests had been done. It is a tricky area and we should be careful not to put professionals in a position where they are afraid to write anything on a file, resulting in their not doing their jobs properly. In the social work area it is important that all a client's information is pooled together, but if there are to be subsequent restrictions on what can be released, we could see a diminution of the efficacy of the service and of real analysis of the difficulties people undergo and how they can be addressed. Is the Minister of State satisfied that this amendment will deal with this tricky area? Are the professionals happy that this will work?
I agree that it is a complex area. This subsection will be the subject of cases before the data commissioner. Part of the regime of data protection we are putting in place includes the right of people to access data retained on them. For certain reasons that right cannot be unrestricted. In the Bill, as originally drafted, there was nothing to deal with the situation the Deputy mentioned and that was brought to our attention by a number of sources. We are now inserting this subsection to provide for a data controller, such as a health board or hospital, getting an opinion. Part of the data held could contain an expression of opinion from a professional and the dealing between that professional and the data controller was on the understanding that it would be confidential. We are providing that the data controller will not be allowed to release those opinions because the understanding was they were given in confidence. It is straightforward.
No matter how clear legislation is, it will still be the subject of dispute in individual cases. We decided to keep this simple. If anyone has any suggestions about how we might strengthen this between now and Report Stage, we will be open to considering them because I realise there is a problem here. Our solution was to insert a simple provision stating that if the opinion was given in confidence, it cannot be released. If anything extra needs to be added, I will consider it.
Is there any crossover between this Bill and the Freedom of Information Act?
There is a similar provision in the Freedom of Information Act. We are bringing the data protection legislation into line with the Freedom of Information Act.
Will the Minister of State look at this before Report Stage and reinforce it so that the professionals will be happy with it?
I move amendment No. 18:
In page 20, before section 6, to insert the following new section:
6.-"Section 5 of the Principal Act is amended by the insertion in subsection (1) before paragraph (h) of the following paragraph:
'(gg) kept by the Commissioner or the Information Commissioner for the purposes of his or her functions,’.”.
The purpose of this amendment is to shield personal data in the possession of the Data Protection Commissioner and the Information Commissioner for the purposes of their respective functions from access requests. By virtue of section 5 of the Data Protection Act 1988 the Data Protection Commissioner is already protected from such requests where he or she is carrying out an investigation of an offence under the Act. Where the activity being investigated does not constitute an offence the protection afforded by section 5 may not be adequate. Likewise the Information Commissioner is protected under section 46 of the Freedom of Information Act from access requests under that Act but it does not extend to data protection access requests. The proposed amendment will address these shortcomings
I move amendment No. 19:
In page 21, line 24, before "is" to insert "or data subject".
The right to object to processing will not apply in certain circumstances. These are outlined in section 6(3)(a) and include cases where the processing is necessary for compliance with any legal obligation to which the data controller is subject. It has been pointed out that data subjects may also be subject to legal obligations, for example, payment of taxes, and that the right to object to processing should not apply in such cases. This is a reasonable and sensible suggestion and I am proposing that any reference to any legal obligation be broadened to include any such obligation on data subjects as well as data controllers.
I move amendment No. 20:
In page 21, lines 33 and 34, to delete "by regulations made by the Minister" and substitute "in regulations made by the Minister after consultation with the Commissioner".
I move amendment No. 21:
In page 23, before section 8, to insert the following new section:
8.-Section 8 of the Principal Act is amended by-
(a) the substitution of ’processing’ for ’disclosure’ in each place where it occurs, and
(b) the deletion of paragraph (g).
The purpose of this amendment is to ensure consistency between section 8 of the 1988 Act and the new definition of "processing" in this Bill. The amendment will mean that restrictions on processing set out in the 1988 Act do not apply in the situations outlined in section 8. This will ensure conformity with Article 13 of the data protection directive which provides for restrictions on the obligations and rights set out in the various articles for the reasons set out in article 13.
I move amendment No. 22:
In page 25, to delete lines 45 to 47 and substitute the following:
(I) any enactment, or
(II) any convention or other instrument imposing an international obligation on the State,".
This is a drafting amendment aimed at improving lay out and clarifying content. It does not alter the substance of the Act.
I move amendment No. 23:
In page 32, line 51, to delete "stand prescribed for the time being" and substitute "be specified in regulations made by the Minister after consultation with the Commissioner".
Registration requirements were set out in section 16 of the 1988 Act. This Bill proposes to replace subsection (1) of that section by providing for the registration of all data controllers and processors except those specifically excluded. Some of the excluded categories are already specified but there is also provision for the exclusion of prescribed categories. Prescribed in this context means prescribed by regulations made by the commissioner with the consent of the Minister.
As the directive contains some flexibility regarding registration, and since registration could be seen as involving an additional burden on small scale data controllers and processors, where there is no obvious risk to fundamental rights and freedoms, I intend to seek the views of interested and relevant parties regarding future registration obligations. I propose, therefore, that the registration requirements will be specified in regulations made by the Minister after consultation with the commissioner rather than by the commissioner with the consent of the Minister.
The proposed change is largely one of form rather than substance but it is a recognition that registration is a policy issue and not just a technical matter. Before concluding this point I want to make it absolutely clear that data protection law already applies, and will continue to apply, to data controllers and processors irrespective of whether they are required to register or not. The registration requirement does not and will not change that.
I move amendment No. 24:
In page 34, before section 17, to insert the following new section:
Section 31 of the Principal Act is amended in subsection (1) by:
(a) in paragraph (a), the substitution of ’€3,000’ for ’£1,000’, and
(b) in paragraph (b), the substitution of ’€100,000’ for ’£50,000’.
On the basis of advice provided by the Office of the Attorney General, it is proposed to increase the fine limits set out in the 1988 Act. The fine of £1,000 on summary conviction is to be increased to €3,000 and the fine of £50,000 for conviction on indictment becomes €100,000.
What is the €100,000 fine for?
It is for an offence under the Act where a person is convicted on indictment.
Amendments Nos. 26 and 28 are related to amendment No. 25 so they will be taken together.
I move amendment No. 25:
In page 35, lines 23 to 25, to delete subsection (3) and substitute the following:
"(3) Subject to the subsequent provisions of this section, this Act shall come into operation on such day or days as, by order or orders made by the Minister under this section, may be fixed therefor either generally or with reference to any particular purpose or provision and different days may be so fixed for different purposes and different provisions including the application of section 19(1) to different provisions specified therein.".
The Bill as proposed provided for its entry into force on a specified day after its passing, two months after the passing of the Bill. These amendments are procedural and will allow activation of the provisions of the Bill by means of commencement orders. This will facilitate the consultation process I have already mentioned in relation to future registration requirements. It will also facilitate a delayed activation of the enforced subject access provision in section 5. I mentioned on Second Stage that concerns had been expressed that this possibility would no longer be available and that I was reflecting on how best to proceed in relation to this matter. Apart from the exceptions I have mentioned, it is intended to proceed to commencement as soon as possible, following enactment.
I move amendment No. 26:
In page 35, lines 26 to 29, to delete subsection (4).
I move amendment No. 27:
In page 35, subsection (5), lines 34 and 35, to delete "data held in manual" and substitute "manual data held in relevant".
This is a drafting amendment designed to clarify the sense of subsection (5).
I move amendment No. 28:
In page 35, subsection (6), lines 37 and 38, to delete "at any time after one month from the date of the passing of this Act but, in particular,".
I thank the Minister of State and his officials for attending the meeting.