Léim ar aghaidh chuig an bpríomhábhar

Dáil Éireann díospóireacht -
Thursday, 24 Oct 2002

Vol. 556 No. 2

Data Protection (Amendment) Bill, 2002 [ Seanad ] : Second Stage (Resumed).

Question again proposed: "That the Bill be now read a Second Time."

This is an important Bill as the availability of data is a huge issue for people. Data are used in many areas for sales and other purposes. I welcome the Bill but I draw the Minister of State's attention to certain aspects of the legislation. As the Minister said, the Bill is very technical so we need to go into great detail in discussing it. It originated in the EU and much of the debate on the Nice referendum revolved around the huge amount of detailed legislation coming from Europe which deals with data. People are frustrated by this, in both their business and personal lives, as much of it is not relevant to them.

I wish to address the issue of data held by financial institutions. I recently came across the case of a man who was in financial difficulties for three or four months six years ago when his cheques were not being honoured by the bank. Today he is still on a database available to all financial institutions and he cannot get a loan if he applies for one. His bank had confidence in him and knew he would get out of his difficulties and build up a thriving business, which he did, and he now employs a huge number of people. The banks should not be allowed to pass such information on to each other and the Minister of State should accept this point, which has been made by previous speakers. Banks are giving a service and charging enough for that service – there are charges for interest and there are also further charges.

The example I gave can be replicated in every parish in the country. Any good business can get into difficulty and fall into arrears at some point but it is the sign of a good businessman if the business can get through it. The person involved in the example I gave was able to overcome this, and there are many other people in the same situation. In the 1980s interest rates were as high as 18 to 20% – at one stage the interest rate on overdrafts was over 20% – and people found themselves in financial difficulties for one reason or other. Some of those people are still blacklisted and that should be addressed.

In the cases of people anxious to buy their own houses, Members know it is cheaper to get money from a building society or bank than a local authority. Some people are reverting to local authorities for finance to buy their homes because they are blacklisted by the financial institutions and I beg the Minister of State to change this position.

In Britain employers are permitted to access police files. What is the situation in Ireland in that regard? I do not stand up for those who commit crimes but some people in society get into trouble with the law when young and we all want them to change their ways. They can become very good citizens and data on their crimes should not be held against them. These issues should be examined as many people are worried about data in those contexts.

I do not pretend to be an expert on data protection but when I heard the Minister of State and the rest of the contributions I asked myself where we were going in this country. We are getting nearer and nearer to a police State. I am not in favour of this Bill and I hope my party opposes it as too much private information is being gathered, by whom I do not know. Who is gathering the data and what are they doing with it? There is nothing wrong with getting statistics and other data but why should my private data or anyone else's be used by private companies to make money?

Every week this House passes legislation. This Bill relates to data protection and getting information, yet as a representative elected by the people, I cannot get answers to questions I put down to Ministers. The new method involves the Minister for Health and Children referring questions to the chief executive officer of the health board, while the Minister for Education and Science refers one to a website. Is this where we are going? Are we becoming like Iraq? There was a 100% turn-out recently for an election in Iraq. If those on the opposite side had their way we would have a 100% turn-out and we would know who people were voting for. I wonder what is happening and where we are going. We are turning into a police state. I was recently in the office of an official of a health board. He was able to find information on what social welfare payments a person was receiving. The next thing will be that the Revenue Commissioners will be able to tap into bank accounts to see what people have and what they do not have. Is this the next step? We should not allow this situation to continue.

As Members of the Oireachtas we all receive e-mails every day from all over the country. We received many nasty e-mails during the recent referendum campaign but the senders did not give their names. We could not respond to those writers because we could not be sure who was sending the e-mails. The senders of e-mails should be identifiable by name and address when they send e-mails to offices and homes. I suggest that the proposed legislation examine this.

I can give an example of what happened to me recently as a result of the Freedom of Information Act. Journalists and others regularly request information on Members' expenses. I have no problem with that; it is their right. I was asked for details under the Freedom of Information Act. I wanted to know who was asking for the information. I put in a freedom of information request to find out who was making freedom of information inquiries about our expenses. I was told that personal information could not be given to me. I asked for that as a written reply and I said that my solicitor would obtain a legal order to test the Freedom of Information Act. Following consultation with the commissioner, the official contacted me and said that the commissioner was in agreement with me; if a person has my information then I should be entitled to his. I have not received that information to date. The person making the original request has not collected the information, probably because I wanted to know their identity.

I am all for freedom, I am all for information and I am all for data, but it must be a two-way process. If a public representative asks a parliamentary question, he must be given a reply. If Joe Soap uses the Freedom of Information Act to obtain information, then Joe Washing-Up Liquid must be allowed find out who is looking for that information. It cannot be all one way. I ask that the Government examine this aspect of freedom of information. I believe in giving out all the information that is required. If I was a Minister on the other side of the House tomorrow morning I would tell the departmental officials to make everything available because then there would be no questions to be asked.

I believe public information should be made available but private information should remain private. I do not believe that this Bill will protect people. The Garda Síochána has enough powers. The Criminal Assets Bureau was the best thing ever for dealing with the criminals. Information should not be collected on behalf of an individual and used against them at a later stage.

I know of a case where a person applied to a bank for a loan. The loan was issued and when the person defaulted a family member undertook to repay the loan for them. They were then given a bad credit rating. People can get into financial difficulties for whatever reason, as Deputy Hayes said, and things can then turnaround for them. I wonder why the bad information can be used against them at a later stage. I do not like this Bill. I do not like what is happening in this country. We are becoming more and more like a police state. It is time to call a halt.

I am glad I cannot use the Internet. Child pornography is going into every home. I do not allow my children to use the Internet because it is dangerous. There are sick, warped people in the world. We should be introducing legislation to protect children instead of which we are trying to get more information to use against people at a later stage. I am opposed to this Bill. There is enough information already available. I do not object to public information being available but private information will always fall into the hands of people who want to use it against you when you are vulnerable. The Garda and the banks will use it to suit themselves. The health boards and the local authorities will use that information against you, not for you. That is why I am opposed to this Bill.

On first inspection this is a complicated Bill. It seeks to amend the Principal Act with quite a number of amendments. It would have been easier if the whole Act had been redrafted so that everything was contained in one Act. I take the Minister of State's point when he regretted the fact that it has taken so long to bring this Bill forward and to transpose the directive into law.

We live in a data age. The Internet is here to stay and will become more important. This Bill also deals with ordinary manual files. It means that from now on, people will have to be very careful about how such files are kept. If I am not mistaken, access to these files will be restricted and controlled.

Directives are being introduced to control spam and e-mails. It appears it is possible for people from remote areas to gather data from a person's computer without permission. I believe it is possible to gather information relating to a person's financial, medical or business affairs if these are stored in a personal computer. I ask if this practice can be controlled.

I commend the Data Protection Commissioner and his office for their work. It is very important and technical work. I have read the 2001 report and they seem to be doing a very good job. I also note that they were recruiting extra staff. I ask the Minister of State to ensure that this office has all the staff and resources it requires so that it can protect citizens.

The Minister of State referred to data about deceased persons. The Minister of State said that he did not regard it as important even though there is a provision in the directive to enable this to occur but that it was not necessary at this time to include controls, restrictions and safeguards for data on deceased persons. I do not fully agree with the Minister of State on this point. If somebody passes away, data pertaining to them becomes readily available and if it is possible to disseminate that data everywhere that could be quite hurtful to the family and friends of the deceased. If somebody had a disease – for instance, AIDS – and they did not want it known, that data could be made available. I understand from the legislation that there are few controls in that regard. Making such data available could be quite hurtful to the family and to the good name of the deceased. We must ensure we protect the good name and privacy of deceased people, and this has come up in other contexts as well. A time limit could be imposed if the Minister of State so wishes, but it is an issue at which he should look again. I understand this issue is not included in the legislation, although it has been provided for under the directive.

The original legislation and this Bill refer to direct marketing which is important from an economic viewpoint in that people may collect data on individuals and target them by post, telephone, e-mail or other methods. As far as I can see, direct marketing is not defined in the legislation, although it is defined in other jurisdictions. It might be useful to include a definition of "direct marketing" in the Bill, if it is not already in it.

As far as I can see, penalties for offences under the original legislation have not been increased or changed and perhaps the Minister of State might consider that. I take it the references to punts have been changed by another Act.

Deputy Hayes mentioned information being held for some time by the financial institutions. I would like to instance a case where information on an individual was held by the Garda for some time. The individual was involved in an incident 12 years previously. He applied for and was awarded a job in a health board but had forgotten about the incident in which he was brought before the courts for a minor matter and given the Probation Act. After being awarded the job, he was told he could not be employed because he had not told the health board about the incident. Record of the incident was still in the system and when the health board checked with the Garda, it discovered the offence which was so minor the individual concerned had forgotten about it. Perhaps this is an area which needs to be examined, although I do not know whether it comes within the scope of this Bill.

Controls on the transfer of data outside the State are welcome but I wonder how realistic it will be with the Internet. Will we be able to enforce those controls? There are also plans to monitor e-mails, web pages and so on. Perhaps the Minister of State will comment on that when summing up. How advanced is that proposal? What are the Government's plans in this regard? The EU has brought forward a directive in this area. Is it the State's intention to allow this to happen or are e-mails and web pages being monitored at the moment?

I understand records of telephone bills and of telephone calls cannot be held after a certain period. Perhaps the Minister of State will clarify whether that is the case. Is there access to telephone bills or to records of telephone calls made and received?

I note the Information Commissioner has made considerable efforts to inform people about the functions of his office but many people do not know their rights, and that is not the fault of the Information Commissioner. Radio and television advertising is necessary to inform people of their rights under this legislation in a simplified manner so that the lay person understands that they have rights, for example, to prevent information being processed under certain conditions and to access information being held on them. Most people do not realise they have those rights and it is important they are made known widely and constantly. Brochures and pamphlets are all very well but I do not believe people read them. A targeted radio and television campaign to inform people of their rights would go a long way to ensure this legislation meets its intended purpose.

I mentioned manual data. Is there a time scale before that provision comes into force? Many small companies and individuals will have to get their act together in that regard.

The Bill refers to electoral activities. Politicians may put together databases for electoral purposes. This is an area of which we need to be careful. I hope that matter will be teased out further on Committee Stage because electoral purposes can cover many areas. The Bill states that the section does not apply to processing carried out by political parties or candidates for election to or holders of elected political office in the course of electoral activities. That is very broad and I suggest it be narrowed a little to perhaps the time the election takes place. Another speaker referred to the use of the electoral register which cannot be used for commercial purposes, although it can be used for political purposes.

The Minister may negate many sections of the Bill by regulation. This is a matter about which I am always concerned, that is, when we include "opt outs" in legislation. The Bill refers to the right to object to processing data likely to cause damage or distress. The Minister can make regulations in such cases without reference to the House other than to lay the regulation before it. That is a matter about which I am a little concerned given that we seem to be moving away from accountability in the House. Ministers are increasingly taking powers to themselves to amend legislation by way of secondary legislation. We do not have effective mechanisms to examine secondary legislation which is being brought forward all the time. Ministers reply to parliamentary questions by telling Deputies to look up their web page or Internet site, as the Minister for Education and Science did recently. The Taoiseach has decided it is only worth coming into the Dáil for one and a half days per week. Ministers increasingly want to bring forward legislation outside the House and we wonder why "Oireachtas Report" is on television so late at night and why people say the House is no longer relevant. This is a dangerous precedent.

The other area I want to raise is genetic coding and testing. This is a whole new area whereby a person's genetic code can be held as data and possibly used. What safeguards are there to ensure people have rights in this area? Does the Bill give rights to individuals or do we require other legislation?

I am not saying anyone should clone the Minister of State, God knows one is enough. Imagine, however, if somebody had the Minister of State's genetic code and discovered there was some genetic flaw in his make-up. I am not suggesting there is: I am sure he is perfect. What if the Minister of State, or whoever, was seeking alternative employment but this flaw in their genetic make-up was known to leave them susceptible to some form of disease? How sure are we that such information can be protected?

Legislation of this nature is extremely complicated but it is also vitally important. It is very difficult for Deputies on the Opposition benches whose job it is to go through this legislation in detail and try to strengthen it by finding flaws and areas that could be improved. This is particularly so as it is amending an Act resulting from a convention. To fully understand this one must read the convention, read the original Act and then read this Bill and try to bring the whole lot together. For a Deputy on this side of the House to do that is extremely time consuming, yet we have zero resources to help us.

A majority of Ministers welcome a proper, structured debate on Bills like this, especially on Committee Stage. If we want a House that is going to legislate properly, however, and if we on this side are to debate in a positive and constructive way with Ministers, we must have resources in order to study the issues and find out exactly what the legislation means in certain areas. We lag behind other countries in bringing this legislation before the House, but I wish the Bill well in its passage.

I have to admit that I have not fully studied the Bill but I have listened to some of the contributions. It is important to express a few anxieties I have regarding data generally, and some of my wishes also because there are also benefits in this.

I cannot help thinking about the doctor-on-call system. I know that may sound like a health issue but it is very important in a constituency like mine at present, and I am sure the system will spread to other areas. One of the most frequently expressed anxieties of those who have to use this system is that a strange doctor visiting them does not have the background information he might need on the patient concerned. Those on medical cards in particular may not, for various reasons, have as much information available to a doctor on call. It should be possible for doctors to have that basic information stored on a laptop computer so that patients could be assured they would not be given any medicine or treatment that would have adverse effects. I have some reservations about the existence of too much data, which I will come to later. However, there are areas such as this where information could be of great value. It could save lives and it would certainly leave patients more at ease if the strange visiting doctor could refer to their medical records.

Another matter raised on the Order of Business this morning concerned the amount of information available on education. I was very frustrated last night with the replies I received to my questions on education. I was informed that all I or my secretary had to do was connect to the Department of Education and Science website to obtain the information I required on a school in the far end of County Monaghan. This House is losing the run of itself if a Minister is not answerable to it. The type of answer we would get through a computer is one that the teachers or pupils of that school could get for themselves. As elected Members we are surely entitled to more, to the background information and to some direct answers to the questions we actually ask. This is particularly the case with the current Minister for Education and Science. He is the one who would very quickly accuse us of localism and of not having a broader remit as elected representatives whenever we raise matters regarding our own constituencies. Yet he has taken the broader remit from us by telling us we are merely entitled to the same information as any other individual that can connect to a computer.

I hope that what the Ceann Comhairle promised this morning will materialise and that we get proper answers to the specific issues we raise with the Minister regarding the future of the next generation. The Minister of State, Deputy O'Dea, was a great advocate of education and its needs, and we freely admit that probably the greatest ever advocate of free education was from the constituency and party of the Minister of State. For the current Minister to remove that promise, however, absolutely downgrades this House. Many other Members feel this way, including possibly those in the Technical Group in the Minister of State's party, headed by Deputy Lenihan. It is great to see there are technical groups on both sides of the House. This matter must be rectified and clarified.

Another area of data that causes me problems is the computer system in the Department of Agriculture and Food. Different sets of computers exist throughout the country that do not seem to be interlinked. While it is very important that farmers are paid through a computer system as quickly as possible, the computers involved do not link up, for whatever reason, and anybody who falls through the system will find themselves going for months without payment through no fault of the individual farmer.

The farmer is told that the computers are down or that they are not compatible. The only thing a farmer, 65 or 70 years of age, living on a small holding who may not have seen a computer wants is a cheque in his hand. It is vital that the problem is cleared up once and for all.

I do not apologise for putting on record the story of an aged farmer with seven cows living in a mobile home. Through a fault in the information fed into a computer one of his animals that never left his farm was recorded as being dead. Although the agricultural officers visited the farm and were satisfied that everything was correct, that was unacceptable. The veterinary surgeons visited the farm, and that was acceptable. It took from January to June before the matter got to the office in Kildare Street. The office in Kildare Street had trouble getting it to Portlaoise. Eventually I traced it through to Portlaoise, in a file, not having been put into the computer so there was no way the farmer could have been paid. That gives the computer system a bad name. There was carelessness somewhere along the line and it was the farmer who had to pay for it. I cannot understand how, for example, at the ploughing championships a computer based system with all the data available throughout the country could be set up in the middle of a field at a few days notice and yet that same system cannot be in my home town of Ballybay, serving County Monaghan, or in the Minister of State's home town of Limerick. Consequently, the people have to get on the telephone and speak to a person using a computer at his or her desk.

During the foot and mouth outbreak computers and databases were set up in a parochial hall in Clontibret where anyone, including local farmers, could view their area aid forms. That is how the system should work. Two years later, although the Minister promised the problem would be sorted, nothing has been done at the DVO offices. If that were done it would take much pressure off older and less educated farmers while they or their agents could go to the office and sort out the problems in a matter of minutes. If we are to move forward with computer databases they have to be used properly.

Deputy Stanton spoke about direct marketing. Obviously it is a useful tool but it is often abused. It is sometimes difficult to know from where firms or companies get the names and e-mail addresses. I am aware of an aged couple who were receiving highfalutin information and were told when they had to sign the letters, return them and so on. It took months before I succeeded in getting their names wiped off the computer system. That couple thought their small farm would be taken over by this large company which did not have a clue about them. Somehow their names got on a database. Great care is needed in this area. I hope the Bill will go some way towards meeting that concern.

Another issue raised was that of the danger of information being on databases for employment purposes. Young people are subject to that as their PPS numbers are on a database. A few years ago I met a very able young man, six foot plus, who desperately wanted to join the Garda Síochána. I know the family well; they have been involved with the forces of this country for generations. The only thing I could discover, which was by accident, was that at some stage this young man was in a pub on a night it was raided. He did not get the job. By the time we had traced the problem he had passed the age for entry to the Garda Síochána. We have to be careful about the information stored on databases.

I heard another story on radio and I do not believe the radio programme in question would have brought on the individual unless the case was properly researched. A lady explained how she and her husband got into debt. As a result her family could not get credit cards and so on, yet a person coming to this country from God knows where can literally get a credit card immediately. If the information on the radio was correct, information on a database prevented that family from getting their entitlement and due process. If that is the case I would have serious concerns.

I have a certain view on drugs, drink and all that goes with them. As one of the few who opposed the extension of the pub licensing hours I hope there will soon be an opportunity to debate that issue.

Another issue raised was the material than can be downloaded from computers such as pornography which cannot be traced. Anything we can do to prevent this getting into the hands of young people must be done. In the past people did not want their sons or daughters to watch television in case they got wrong ideas on sex. Earlier in the week we discussed the issue of abuse and all that goes with it. Everything we can do to curtail the pornographic structures within the Internet should be done. We live in a global economy but as an independent nation there is an onus on us to do what we can to ensure it is traced and dealt with. We must be careful not to leave ourselves open to accusations by the younger generation when they get older that we as the leaders, at whatever level, have failed them and allowed them access to material that was not to their benefit.

One of the reasons I wanted to speak on this issue was because of the malicious material that can be put on computer and sent by e-mail without any signature or traceability. I have been the victim of some of this scurrilous activity which had to do with civic issues in my constituency. As a politician I was not too worried – most of us have reasonably broad backs. It is a serious matter so far as personnel within organisations have no right to reply and are not in a position to reply. We must do whatever we can to ensure those who put untrue and malicious information on e-mails and the Internet are dealt with. I hope that in this Bill, or amendments made to it, we will ensure that we, as a nation, have control over it and that it is dealt with.

To return to the positive aspects, these databases are a valuable asset particularly in the areas of social welfare, pension payments, etc. One has immediate access to those who have been put on databases in recent years and in unfortunate cases involving a widow or widower, their situation can be dealt with relatively quickly. When dealing with queries from those who are now in their pension years and who worked under the older systems, their records are difficult to find and in many cases, because of the extraordinary level of emigration to the United Kingdom in particular where, under EU laws, the pensions are compatible, one can only get the information through addresses, factory names, etc. That problem highlights the value of quick access and availability but it angers some people on these databases who have lived here all their lives in permanent addresses and who have paid their taxes but who have been found out to have a small English pension, which can be traced, when they see other people coming here for whatever reason, and I am not decrying the fact that they come here, and being well looked after socially while their position is questioned. We have to deal with these issues on a compassionate level and ensure that they are workable.

I have not studied the Bill to the extent that others in my party have done – there is an onus on them to do that – but I just want to make some comments on the structures generally and to urge that everything possible is done to ensure that the rights of the person are upheld and that this information is not made freely available to somebody at the press of a button. I am aware there is some looseness in the area because, for whatever reason, I discovered that I am on a number of computer lists which have been made available without my consent and I get letters from different companies and organisations as a result.

On the issue of politics, I was astounded recently to find out that we now have access to the list of names of all those who did or did not vote in the last election, although I admit I have used it at the request of one of my constituents. All I had to do was pay a small sum of money and the list was sent to me, although I have not yet had time to examine it, but it is a worrying development that so much information can be made freely available.

I want to refer finally to an issue involving a butcher who had a visit from an official from the Department of Agriculture and Food, who behaved in a very aggressive way, because of some information given to the Department that is not traceable. Regardless of who provided that information, the butcher was proved to be 100% correct but it caused great anxiety to his family and his business. If a Department is to act on any information in that way, the person who is aggrieved must have a right to that information. A Department does not have the right to act on an anonymous call and deal with it in that context. I welcome the Bill.

I welcome the opportunity to contribute to the debate on the legislation before the House although by its very nature this legislation, which involves the IT sector, will probably be obsolete by the time it is enacted.

On the issue of election lists raised by Deputy Crawford, who has left the House, since the foundation of the State it has been the practice of our party and some of the other parties to keep a note of who does and does not vote in elections. Those lists were not brought about by the advent of computerisation; they have been available for over 50 years. With the new computerisation voting system, I understand from the former Minister for the Environment that there is no question that the manner in which individuals vote will be on any record, other than the sum of votes in particular polling booths.

The speed at which data are now processed by computers means that a special committee of this House could sit on a permanent basis to update and review legislation in this area. As every Member will be aware, data stored on computers here are available, to a large extent, internationally as well. That mobility is beneficial to those who must be in a position to use this facility but there is a genuine fear that the possible erosion of privacy and other rights will be brought into question. That is the main concern of individuals in the State.

It is prudent that the Government should bring forward a set of safeguards and enshrine them in law to protect the interests of individuals while at the same time facilitate the processing of personal data for what must be legitimate use. The Bill before us today proposes to amend the Data Protection Act, 1988, which was enacted to give effect to the Council of Europe 1981 Data Protection Convention. The Minster has also taken the opportunity to improve the 1988 Act in some ways and I am pleased he has done that.

The 1988 legislation provided for the establishment of a supervisory authority which will set out codes of conduct. It is important to acknowledge the interests of various sectors of our community which have made submissions and representations identifying improvements and possible ways of amending the Bill in order to improve it, and I was pleased to hear the Minister say that he will bring forward amendments on Committee Stage. This House should examine the possibility of updating legislation in the IT area on a regular basis.

We have all benefited from the ongoing improvements in IT but in Departments we have seen examples of everybody's lives being made easier by the ongoing use of computerisation. Members of this House will be aware that it is far easier now to access information on constituents' queries, particularly in the Department of Social and Family Affairs where a mere telephone call can elicit information requested by a Deputy or a councillor. That is beneficial not just to the Members of the Oireachtas but also to the constituents who have genuine concerns or queries about payments or other problems.

In terms of the Department of Justice, Equality and Law Reform, with the use of computers we have seen significant improvements in the way the gardaí go about their daily business. One of the great strides forward is in identifying stolen cars and solving other problems before they arise. The gardaí can put information on computer which is then passed on to patrol cars which can look out for particular criminals in certain areas. This is just a personal observation, but I am concerned about the possible overuse of computerisation in areas such as local government. We may have gone a little overboard in local government and also in the health boards. On asking some officials about this, I was informed that because of the Freedom of Information Act, 1997 officers of local authorities and health boards must be very careful about the records they keep. It is important to note that this does not come cheaply. There is great expense involved in keeping such records for accountability purposes. We live in a particularly litigious society and there is always the possibility of an action being taken against an individual or a local authority. This is why they must keep their records up to date and be able to stand over them.

Previous speakers have spoken of the amount of information available over the Internet. It is a concern of mine that it may not be properly policed. Perhaps the Minister could consider encouraging international policing of the Internet. Very few houses and people in the country do not have Internet access at the moment.

More people are becoming concerned about the amount of personal data being stored by Departments, commercial organisations and individuals. In this Bill personal data is defined as "data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller". It is fair to say that there is personal information out there on file about most people in the State. As previous speakers have said, the banks in particular have huge amounts of data on individuals. One wonders to what use this is being put. In most cases it is being put to good use, but a question was raised during a recent radio programme on which people talked about their lack of success in getting financial facilities from a bank because of the track record of their parents. This is not fair to the people concerned.

I was speaking to a person recently about the success of the euro and he told me that five years ago he was able to travel to six countries in Europe and then to the USA, when there was no common currency, with only his credit card. He had absolutely no difficulty in getting funding in the various countries he visited. It is clear that the advances made in the IT sector have positive aspects and, on balance, are mostly advantageous, but we must be mindful of the speed at which these advances are taking place. As a legislative body, we should be updating our legislation on an ongoing basis.

I commend the Minister on his proposal to introduce the new subsection 4(13), not related to the EU directive, whereby safeguards on the provision of data are provided in relation to a person's recruitment or continued employment. This is a positive move. My one plea to the Minister is to have a system which would allow him to update the legislation in this area continually.

I thank all the Deputies for their contributions and for the many interesting and thoughtful points raised during the debate. I will try to respond to some of them now, although many of them are more appropriate to Committee Stage. I agree with those Deputies who adverted to the fact that the Bill is in very technical language. It only takes a glance at it to realise that. People also said there was not much light to be found in the explanatory memorandum and I am inclined to agree. I suggest that in future, for extremely technical legislation such as this, the explanatory memorandum should contain a number of examples of how the Bill would operate in practice. This legislation is being introduced as a result of an EU directive which obliges Ireland to bring its law on protection and dissemination of data into line with other EU countries.

This is an amending Bill and must be read in conjunction with the Act it seeks to amend, that is, the Data Protection Act, 1988. This Act regulates the processing of personal data of data subjects, i.e. individuals who are the subject of personal data. It does not protect data relating to companies or other entities. The rights already enshrined in the 1988 Act are as follows: in section 3, the right to establish the existence of personal data and to be provided with a description of the data and the purpose for which it is kept; in section 4, the right of access to personal data; in section 6, the right to have personal data rectified or, where appropriate, erased; and the right to have personal data removed from direct mailing or marketing lists under section 2. The Bill before us proposes to supplement these rights as follows: in section 6, it includes an additional right to have personal data blocked, i.e. marked in such a way that it is not possible to process it for purposes in relation to which it is marked; and, in addition, the right to object to processing that is likely to cause damage or distress to the data's subject.

Several Deputies mentioned CCTV cameras and their potential impact on personal privacy. The purpose of CCTV systems operated by the Garda Síochána is to maintain public order and safety and to assist in crime prevention and detection. Experience to date indicates that the installation of such systems has been welcomed and they are not regarded as an invasion of privacy. People feel safer as a result of the installation of these systems. A system of grants for community-based CCTV has recently been established and in order to ensure compliance with data protection standards, grants will only be approved for schemes that comply with a detailed code of practice developed in consultation with the Data Protection Commissioner. The code deals with practical matters including the location of cameras. Clearly visible signs should be in place so that members of the public are aware that they are in a zone monitored by CCTV. Signs should also indicate the identity of the responsible person or organisation and contain contact details.

Deputies Rabbitte, O'Dowd, Healy and Crawford made reference to information required by law to be made available to the public and to the use of the electoral register for non-electoral purposes. The Data Protection Act, 1988, does not apply to information that the person keeping the data is required by law to make available to the public. Such data includes electoral registers. Concerns have been expressed over the years about the use of such public domain data for purposes such as direct marketing and I understand that this has been the subject of numerous complaints to the Data Protection Commissioner. For this reason it was decided to amend the 1988 Act in order to make it clear that where such data was processed for a purpose other than the purpose for which it was collected, the exemption would no longer apply.

Following discussion of this Bill in the Seanad it became apparent that this new provision might have unintended consequences. For example, the Department of Enterprise, Trade and Employment expressed concerns about the possible impact of the proposed wording on the use of personal data, held by the Companies Registration Office, by a third party for a legitimate purpose. In order to avoid such consequences I am reflecting on whether the proposed provision is essential, keeping two factors in mind. Firstly, we are proposing elsewhere in the Bill, in section 3, to strengthen the provisions relating to direct marketing and this will address the use of registers for direct marketing purposes. Secondly, Deputies will be aware – Deputy O'Dowd mentioned this – that the provisions of the Electoral Act, 1992, as amended, empower registration authorities to prepare and publish what is called an edited supplement, which omits the names and addresses of registered electors or electors on whose behalf requests had been made that their details should not be used for a purpose other than the electoral or statutory purpose. As I indicated earlier, I am considering the possibility of introducing an amendment on Committee Stage to address the difficulties that have been brought to our attention in this regard.

Deputy Rabbitte inquired about the consultation process engaged in prior to the publication of this Bill. A detailed consultation paper was widely circulated in 1997 to a broad range of organisations. A significant number of responses was received up to mid-1998. The subsequent drafting process required extensive consultation with the office of the Attorney General, Departments and the office of the Data Protection Commissioner.

Regarding transposition of the directive into national law, several countries have experienced difficulties in this regard. Like Ireland, France has yet to complete the transposition of the directive. While Luxembourg has enacted legislation, it appears it is not due to come into effect there until next year.

Deputy Stanton mentioned the absence of the definition of direct marketing. Direct marketing is covered under the 1988 Act. Our attention has not been drawn to any difficulties in that regard. In regard to the Deputy's remark concerning political activity and political parties, with a view to safeguarding essential features of our democratic system of elections several provisions in the Bill refer to the processing of personal data by political parties or candidates for electoral office. An exemption to the processing of sensitive personal data is made in the new section 2(b)(ix) inserted in the 1988 Act where the processing is carried out for political parties or candidates for election to, or holders of elective office, for the purpose of compiling data on people's political opinions, subject to compliance with any prescribed requirements. In addition, the right of data subject to objective processing likely to cause damage and distress does not apply to processing carried out by political parties or candidates for election to, or holders of elective political office, in the course of electoral activities.

Deputy Ring raised the issue of child pornography and the Internet. This poses significant legislative and law enforcement challenges worldwide. International co-operation is a key to progress in this area as such co-operation is ongoing in the areas of law enforcement, policy development and international agreements. Our signing of the Council of Europe Convention on Cyber Crime is an example of one of the recent initiatives in international co-operation which will help to address child pornography issues. While the nature of the Internet demands a co-operative approach, it is important to streamline our national laws and structures in order to maximise our contribution to the fight against child pornography. Following the publication by my Department in 1988 of the report of the working group on the illegal and harmful use of the Internet, a number of child pornography initiatives were established.

On the point raised by Deputy Ring in regard to credit institutions storing data, there is a central database stored by the major credit institutions containing factual information on people's credit history. One can access his or her credit details on this database by making an access request under the 1988 Act. I understand that an individual can add details to his or her credit reference file, giving people an opportunity to explain various details about their credit rating.

Deputy Crawford referred to the question of processing health data, including access to the data. This will be permitted under the proposed new section 2(b) where it is necessary to prevent injury or damage to the health of a person.

On the issue raised by Deputy Ó Snodaigh and others in regard to the definition of sensitive personal data, the definition is set out in the EU directive. This includes, for example, data in relation to a person's racial or ethnic origin as well as their political opinions and religious beliefs. Data in regard to trade union membership, physical and mental health and the commission of offences also come under this heading. It is important to point out that we are working on the definition in the EU directive and we cannot go beyond that.

The Office of the Data Protection Commissioner was established under the 1988 Act to perform a range of investigative and enforcement functions set out in that Act. The commissioner's annual report for the year 2000 not only gives informative accounts of activities undertaken during the year in question but contains valuable guiding notes and good data protection practices. The commissioner's website contains useful information and advice on data protection law and good practice.

A number of Deputies mentioned data protection, which I agree is a crucial issue. The 1988 Act already provides that appropriate security measures should be taken against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. It also provides that data controllers and data processors owe a duty of care to data subjects. The Bill before us strengthens these provisions by means of the new article 2(c) which deals specifically with security requirements for personal data.

Several Deputies, including Deputies Deasy, Rabbitte and Healy referred to the risk arising from transfer of personal data to countries without adequate data protection standards, which is important. The general position is that transfers of personal data to a destination outside the EEA may not take place unless an adequate level of data protection is in place. However, data may be transferred to a destination outside the EEA if an adequate level of protection is deemed to exist. Switzerland, Hungary and Canada have data protection regimes to satisfy European Community requirements and have been formally recognised in European Commission decisions. A problem arises, however, in regard to countries such as the United States where there is no comprehensive approach to data protection and where the approach to data protection is very different from that pursued in Europe. There is a strong tendency in the US to believe that market incentives and privacy enhancing technologies will be sufficient to protect privacy. By contrast, on this side of the Atlantic countries have enacted comprehensive data protection law to give effect, first, to the Council of Europe's 1981 Data Protection Convention and, more recently, to the EU directive. This disparity of approach between the US and EU is a matter of great concern to us, given the extent of our commercial trade and other links with the US. The agreement reached between both sides under the safe harbour privacy principles and given legal effect in a Commission decision in July 2000 is, therefore, of considerable importance. The safe harbour agreement is based on a set of data protection principles to which bodies in the US can voluntarily sign up and which guarantee adequate protection for personal data supplied to them.

A number of Deputies raised the issue of the passing of personal data to other bodies. According to the onward transfer principle, data may not be passed by a body that has signed up to the safe harbour principles to a third party unless that party is subject to an EU directive, has signed up to the principles or enters a written agreement providing a level of protection equivalent to the principles. The United States Department of Commerce website contains a number of organisations, currently 250, which have signed up to the safe harbour principles. For the purpose of data transfers to other destinations, standard contractual clauses have been jointly developed by the European Commission and the member states in order to provide an adequate level of protection. If these are considered unsuitable for certain transactions, transfers may be made under terms specifically approved by the Data Protection Commissioner who currently has, and under the Bill will retain, the power to transfer a personal data to a destination outside the State.

Deputy Gregory and others referred to e-commerce and the information society. It is clear from the growth of e-commerce in recent years that many consumers are buying goods and services over the Internet. Businesses have also been choosing to buy services in the same way. A certain amount of personal data would be inevitably collected in the course of such transaction, such as registration details, including name and address. There is a risk that this could be used for other purposes without the knowledge or consent of the data subject. For this reason the Data Protection Commissioner made regulations last year requiring all Internet access providers to register with his office. Any company that operates a website is also likely to be a data controller for the purposes of data protection and will need to register. The registration process requires data controllers to indicate the nature and extent of their processing operations. This safeguard will help to build confidence in e-commerce and encourage consumers to avail of the on-line services that are now emerging.

In regard to information policy developments generally, Deputies will be aware that the Taoiseach announced late last year the appointment of a new information society commission. It is chaired by Dr. Danny O'Hare, former President of DCU, and has a key role to play in shaping the evolving public policy framework in this area. I should also say in the current context that an interdepartmental group on legislative issues for the information society, including representatives of relevant Departments and offices, has also been established. This reflects the importance the Government attaches to information society related issues.

We are all aware of the advances in e-mail and Internet technologies that have taken place in recent years. These developments are advantageous in many ways but there are also drawbacks. Several Deputies, including Deputies Deasy and O'Dowd, spoke about the problem of unsolicited communications. The former Minister for Public Enterprise made regulations last May to give effect to the EU Directive 97/66 on the processing of personal data and the protection of privacy in the telecommunications sector. The European Communities data protection and privacy in telecommunications regulations 2002 prohibit unsolicited telephone calls or faxes for the purposes of direct marketing to subscribers who have indicated that they do not wish to receive such communication.

This option has been facilitated by the establishment of an appropriate national database in which subscribers can register their wishes. With regard to directory information, subscribers now have the possibility of indicating that they do not wish to have their personal information used for purposes of direct marketing and that they do not wish to receive direct marketing calls of faxes. Subscribers can request this opt-out from their service provider. Moreover, the additional consent of subscribers is required for automated direct marketing calls. The Data Protection Commissioner and the Director of Telecommunication Regulations are responsible for the monitoring and enforcement of these regulations.

A further directive dealing with the processing of personal data and the protection of privacy in the telecommunications sector was agreed in June. This new directive replaces the 1997 directive and the regulations which transpose that directive will be made in due course by the Minister for Communications, Marine and Natural Resources. They will also address the issue of unsolicited electronic mail, text messages, etc. The net effect of these measures together with the provisions in the Bill is that there will be a comprehensive set of legal rights available to people in relation to unwanted e-mail and other forms of communication. I admit that solving the problem of unwanted communications on a national level is difficult by its very nature, given the global nature of the Internet and telecommunication technologies.

Deputy O'Dowd's suggestion that international instruments may be required in this area is worthy of further consideration. I share the Deputy's regret at the closing of smaller banks in rural towns and the loss of personal contact which this will inevitably entail. That is strictly outside the ambit of this legislation. I have also noted his other point on bank customers and pressure but that is outside the ambit of the legislation.

Deputy Durkan mentioned the possibility of having to revisit the directive itself. The position is that the European Commission has undertaken a review of the operation of the directive across the member states and will present a report in due course. It will then consider what further community action, if any, is needed. The Commission has already indicated that it is aware of a number of concerns about the operation and implementation of the directive and may decide to address these in the context of future action. It is unlikely that the Commission will propose any significant reform of the directive in the short-term. Moreover, any medium term proposals would take several years to negotiate into an act at member state level.

This is not just a piece of technical legislation but a Bill which aims to establish an appropriate balance between potentially conflicting policy objectives and rights. We have to ensure that personal data is not used for purposes for which it was never intended, while at the same time encouraging e-commerce and facilitating international trade. We must reconcile personal privacy requirements with a need for historical research, statistical information and scientific discovery. We must also protect personal privacy while recognising the special importance of the public interest in freedom of expression. In the information society in which we now live huge quantities of data, including personal data, can be stored and processed with an ease which was unimaginable a few years ago.

The information age brings many benefits in its wake, including possibilities for improved communications and services. There are also obvious risks. We must address legitimate concerns to reap the full benefit of these new possibilities. I believe the additional safeguards in this Bill will further enhance confidence in e-commerce and e-government for the benefit of consumers and citizens. I again thank Deputies for their contributions and for raising very important issues. We will return to those on Committee Stage. I appreciate hearing the Deputies' views on the subject which we all agree affects every one of us in our daily lives. I commend this Bill to the House.

Question put and agreed to.