Dáil Éireann Debate, Tuesday - 7 July 2020
843. Deputy Róisín Shortall asked the Minister for Health his plans to review the involvement of a company (details supplied) in State-funded genomic research, in the absence of rigorous data protection structures, in view of the lack of public engagement on this matter and concerns over the compliance of the company with general data protection regulation; and if he will make a statement on the matter. [14416/20]
Amharc ar fhreagraThere is already in place in Ireland a rigorous and statutory data protection structure for the protection of personal data processed for health research purposes.
The provisions of the General Data Protection Regulation apply. They require that: the principles in Article 5 are adhered to, a legal basis in Article 6 applies, a condition in Article 9 is met and that suitable and specific safeguards to protect the data subject are in place.
Section 36 of the Data Protection Act gives further effect to those suitable and specific safeguards. The section allows for them to be identified and specified by the Minister for Health and, after consultation with the Data Protection Commission and the Minister for Justice and Equality, to be made mandatory in statutory Regulations. That is what the Health Research Regulations 2018 do very clearly. The Regulations put in place an extensive governance structure that complements and supplements the provisions in GDPR.
Compliance with data protection law (for public and private bodies) is a matter for the Data Protection Commission. It is not for me, as Minister for Health, to determine whether a particular data controller is in compliance with its data protection requirements. If there are specific concerns with compliance they should be brought to the attention of the Commission.
