Dáil Éireann Debate, Tuesday - 23 January 2024
263. Deputy Catherine Murphy asked the Minister for Enterprise, Trade and Employment if he will clarify whether the transfer of data and/or records from his Department that is transferred to other departments, State bodies and local authorities is in aggregated form or on an individual basis; and the reason the data and/or records are provided. [3079/24]
View answerFurther to the information provided to the Deputy last week, I wish to clarify that both aggregated data and person-specific data sets are transferred by my Department to other departments, State bodies and local authorities. These transfers only occur where validation of data sets is required in order to deliver my Department's official functions.
For example, a weekly transfer of person-specific employment permit data is sent by my Department to the Garda National Immigration Bureau (GNIB). This is required in order to allow my officials to process employment permit applications.
Aggregated data transfers are also undertaken for the administration of certain support schemes for business with the Revenue Commissioners and in certain cases with local authorities. For example, over the last 5 years data transfers have occurred for the administration of a number of loan schemes, including the Small Business Assistance Scheme; Long Term Investment Scheme and Brexit Impact Loan Scheme. Small amounts of person-specific data may also be shared for the purposes of post audit review of these schemes to prevent fraud and to ensure value for money for the Exchequer.
Sharing of personal data may also take place in response to a valid lawful request from another public body or in accordance with existing legislative obligations. For example, my Department may share personal data with a competent authority under the EU Law Enforcement Directive for the purposes of the prevention, detection, or prosecution of criminal offences, including safeguarding against and preventing threats to security or the execution of criminal penalties. This transfer of personal data sets is generally person-specific and relates to a specific incident under investigation.
Lastly I’d like to state that, data privacy, minimisation and security are key criteria adhered to by my Department for all data transfers. All data sharing activities are underpinned by Data Sharing Agreements and Data Protection compliance processes to ensure data privacy is maintained. Person-specific personal data is only shared by my Department where there is a legitimate reason to do so, a valid lawful basis, and in strict accordance with data protection principles.
