Thursday, 20 May 2021

The Government is committed to introducing a statutory sick pay scheme in Ireland and work is well underway in this regard with Heads of Bill currently being drafted.

Officials from my Department have held several meetings in recent weeks with the Department of Social Protection and Department of Public Expenditure and Reform to finalise the design parameters of the scheme. The Tánaiste Leo Varadkar, T.D., also met with the Minister for Social Protection, Heather Humphreys, T.D., to discuss the development of the scheme on April 22nd.

A Regulatory Impact Assessment is also being finalised and the Tánaiste plans to bring a Memo for Government to cabinet in the coming weeks seeking approval to draft the General scheme of a Bill. The Tánaiste has also secured a commitment from the Office of the Attorney General that the drafting of the Sick Leave Bill will be prioritised.

By bringing forward this legislation we will be adding to the range of reforms in recent years to improve social protections for workers including the introduction of paternity benefit, parental leave benefit, enhanced maternity benefit, a national minimum wage set at a higher rate than most of our peers, restrictions on zero-hour contracts and the extension of social insurance benefits to the self-employed and those working in the gig economy for the first time, such as treatment benefit, invalidity pension, jobseekers benefit and a contributory state pension with no means test.

I propose to take Questions Nos. 159 and 163 together.

I am aware of the two pieces European legislation to which the Deputy refers and would advise him that these are in fact proposals for Regulations rather than Directives. In both cases the regulations propose general frameworks for systemic obligations which would be placed upon the providers of respectively artificial intelligence products and digital services.

The governance structure for the Digital Services Act foresees a major role for national Digital Services Coordinators in regulating such providers headquartered in their Member State. However, there is also a role for the European Commission itself in regulating this sector particularly where Very Large Online Platforms are concerned. A European Board for Digital Services, consisting of representatives from all national Digital Services Coordinators will provide advice to individual Digital Service Coordinators and the Commission in the fulfilment of their various functions.

In the case of the Artificial Intelligence Act competent authorities and market surveillance authorities in each Member State will be responsible for regulating the providers of prescribed Artificial Intelligence systems headquartered in their Member State.

GDPR and DPC are matters for my colleague the Minister for Justice and the Department of Justice.

I propose to take Questions Nos. 160, 164 and 165 together.

My attention has been drawn to the fact that the US Senate is considering a draft Bill that targets jurisdictions with inadequate enforcement of data protection law.

Based on contact with officials in the Department of Justice, the sense appears to be that this is squarely focused on China and it is unlikely that Ireland would end up on a “black list” of countries from which an export license would be required but my colleague the Minister for Justice is probably best placed to answer this definitively.

Ireland's system of Industrial Relations is based on voluntarism. While the right of workers to form associations and join a trade union is enshrined in Article 40 of the Irish Constitution, under Irish law there is no obligation on employers to recognise any union for the purposes of collective bargaining.

This dispute is essentially a matter for the company and its employees to resolve. I have no role in these matters.

My Department adopts a defence in depth approach to cyber security. This approach uses multiple layers and disparate systems to deliver security which is not dependent on any single component. Given the heightened level of risk which currently exists, our technical staff has adopted a posture of increased vigilance and oversight of systems.

My Department is taking advice from our own security advisers, and is also monitoring advice and guidance coming from the National Cyber Security Centre (NCSC) on any additional steps which should be implemented in the light of current risks.

For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements, or to allow those criminals to enumerate differences in approach between public bodies which could be used to identify targets.

Therefore, it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.

Compliance with GDPR EU requirements is an ongoing process that changes over time in line with new and emerging data protection requirements. My Department and the Offices under its aegis have a number of comprehensive processes in place to meet the compliance requirements of the GDPR and data protection laws. This includes a full-time dedicated Data Protection Officer, general and specifically tailored training courses for staff and regular reviews of data protection compliance in the various Business Units across my Department involved in personal data processing activities.

In addition, my Department and the Offices under its aegis have implemented a number of specific protocols to deal with issues such as personal data breaches, data protection privacy statements, privacy notices, data protection impact assessments and also regularly engages with Data Protection Commission, the Irish Data Protection Supervisory Authority, to ensure that it meets the data protection compliance requirements of new or changing data protection practices.

The EU Network and Information Security Directive is focused on a number of identified critical sectors (energy, transport, water, health, digital infrastructure, finance, online market-places, cloud and online search engines) and is not directly applicable to my Department.

In relation to Annex 9 of ISO 27001, my Department does not have formal certification against the standard. However, an independent review of my Department’s cyber security practices found that, of the 14 compliance areas under Annex 9 of ISO 27001, my Department was fully compliant with 10 of those compliance areas, and it has since achieved full compliance with 12 areas. My Department is also compliant in respect of its operational practices with the remaining two compliance areas, but does not have formal policies in place to reflect that practice. These will be put in place shortly.

Capita Business Support Services Ireland, trading as Eircode assigns Eircodes to new property addresses using a valid postal address and verified geo-locations. An Post collects information on new and existing buildings, as well as changes to existing addresses and Ordnance Survey Ireland provides the geo-locations for these buildings. An Post GeoDirectory, a subsidiary company of An Post and Ordnance Survey Ireland, issue a new release of the GeoDirectory database file on a quarterly basis to Eircode in accordance with their licence agreement.

Each new postal address assigned an Eircode is published on the free to use Eircode Finder website, a notification letter is issued to the property occupant containing the Eircode of that address and an updated Eircode Database is provided to licensed businesses for their use. Once the Eircode database is updated on a quarterly basis it is then a matter for individual Eircode database providers to release updates to commercial businesses in accordance with the terms of their licence agreements.

An Post have informed my officials that the individual's address data has been recorded in their systems and this information should be issued from An Post GeoDirectory to Eircode in the next assignment of the database. My officials have requested Eircode to contact and liaise directly with the individual in question regarding the assignment of an Eircode for this new property address.

More broadly, the Deputy might be interested to know that in October 2017 a new emergency mobile phone precise location service was launched that greatly assists the emergency services in determining the exact location of people in need that call 999 or 112.The Advanced Mobile Location (AML) is available on both Android and Apple devices and works by automatically finding a phone's GPS co-ordinates and sending them by way of a text message to the Emergency Call Answering Service when a 112 or 999 number is dialled. The co-ordinates are immediately passed to the emergency services in responding and dispatching emergency personnel to callers in need across Ireland. The National Ambulance Service use AML which plots the mobile location automatically on the call takers OSI map. Approximately 55% of emergency calls from mobile devices have AML data and it is of vital assistance to Emergency Services around the country, but particularly in rural areas.

Early assignment of Eircodes is contingent on An Post facilitating the increased frequency of new and changed addresses from quarterly to monthly to Eircode through their subsidiary An Post GeoDirectory. My officials are working with An Post, Ordnance Survey Ireland, An Post GeoDirectory and Eircode to expedite the process of assigning Eircodes for new properties with postal addresses and geo-locations.

The Waste Action Plan for a Circular Economy outlines the measures Ireland is taking under the Single Use Plastics Directive (EU 2019/904) and beyond to substantially reduce the amount of single use plastic items we use and to sustainably manage the waste arising from those we do.

The Directive will be transposed by the deadline of 3rd July 2021 and from that date single use plastic cutlery, plates, straws, balloon and cotton bud sticks may not be placed on the Irish market. This ban will also apply to expanded polystyrene cups and food containers and all products containing oxo-degradable plastic.

The Plan details our commitment to lead EU efforts in this area through working towards an eventual ban on disposable coffee cups and cold drinks cups and to set up new Extended Producer Responsibility (EPR) schemes for other plastic waste streams covered by the Single Use Plastics Directive including tobacco products, balloons, wet wipes and fishing gear. It also sets out a road map for the introduction of a Deposit and Return Scheme for plastic bottles and aluminium cans by the third quarter of 2022.

The Communities Energy Grant (CEG) Scheme funded by my Department and operated by the SEAI, makes grant funding available for community-based partnerships to improve the energy efficiency of the building stock in their area. The scheme supports cross-sectoral, partnership approaches that deliver energy savings to a range of building types including public, commercial and community buildings with a particular focus on using the projects to deliver home retrofits. A capital budget of €30 million has been provided for this scheme in 2021.

The CEG scheme also supports new approaches to achieving high quality improvements in energy efficiency and installation of renewables within Irish communities. Communities do this by bringing together groups of buildings under the same retrofit programme to facilitate community-wide energy improvements more efficiently and cost effectively than might otherwise be possible.

While farmers can benefit from this scheme, SEAI does not have a specific categorisation for farming. As such, a breakdown of farming participation numbers are not available. However, SEAI has over the last number of years been actively working with Co-ops and creameries to increase awareness of the CEG scheme.

PV installs, although not supported as a sole measure under the scheme, are supported as part of a final energy plan for any business where the installation is for self-consumption purposes. The focus of the CEG scheme is fabric first and SEAI look to ensure that the fabric and other heavy energy consumption activities on a site are addressed prior to the install of any PV measures.

The table below sets out the total amount of grant funding provided to community and other elements (i.e. other than homes) under this scheme for the past two years. This includes support for businesses and farms and covers all project measures including solar. The lower spend in 2020 reflects Covid impact on retrofit work. While projects for 2021 have been approved, grant payments will not be made until later this year.

The Excellence in Energy Efficiency Design (EXEED) grant scheme also supports organisations (business and public sector) to undertake design, construction and commissioning projects using the EXEED certification process. Details of scheme spend per year as well as funding awarded in respect of the agriculture sector is set out in the table below. EXEED capital grant support is only applicable for assets which are working towards EXEED certification for excellence in energy efficient design. The projects set out below included a wide range of measures, not only solar PV.

My Department implements a security-by-design and defence-in-depth approach to cyber security. The Government’s services are still actively involved in managing and remediating the recent cyberattack on the HSE. Our technical staff continue to operate and monitor all relevant systems to the highest levels, and are closely engaged with experts in the OGCIO and the NCSC to ensure that we follow best practice as it relates to all aspects of Cybersecurity. For operational and security reasons, we are advised by the NCSC not to disclose details of systems and processes which could in any way compromise those efforts. In particular, it is not considered appropriate to disclose information which might assist criminals to identify potential vulnerabilities in departmental cybersecurity arrangements. Therefore it is not considered appropriate to disclose particular arrangements in place in relation to cyber security tools and services and my Department does not comment on operational security matters.

The introduction of a Waste Management (Circular Economy) Bill is a commitment under the "Waste Action Plan for a Circular Economy", published in September 2020. My Department is currently finalising the draft Heads of the Bill, after which I intend to seek Government approval to publish the General Scheme.

On the issue of CCTV, it is the view of the Data Protection Commission (DPC) that, although the Litter Pollution Act and the Waste Management Act provide local authorities with powers to prevent, investigate, detect and prosecute littering and dumping offences, the Acts do not provide for processing of images of members of the public using CCTV footage. This advice is being considered by my Department and is subject to internal legal advice.

It is also my intention to facilitate the use of a range of Audio Visual Recording equipment, including CCTV, under the Bill. A combination of legislation and guidance should help to ensure that the processing of personal data may be carried out by local authorities tasked with enforcing litter and waste law, providing a deterrent, and in order to protect our environment from the scourge of illegal dumping, while at the same time respecting the privacy rights of citizens.