Proposed law change will not stop data privacy complainants speaking out - Department of Justice

Amendment will make disclosure of information deemed ‘confidential’ by Data Protection Commission an offence

A Department of Justice spokeswoman says nothing in the amendment would prevent a complainant speaking out about the nature of their data privacy complaint or that a complaint had been made to the Data Protection Commission. Photograph: Dara Mac Dónaill
A Department of Justice spokeswoman says nothing in the amendment would prevent a complainant speaking out about the nature of their data privacy complaint or that a complaint had been made to the Data Protection Commission. Photograph: Dara Mac Dónaill

A proposed law change aims to ensure effective investigations by the Data Protection Commission (DPC) of data privacy complaints and will not prevent complainants speaking out about their concerns, the Department of Justice has said.

The department was reacting on Monday to claims by the Irish Council for Civil Liberties (ICCL) that an amendment to a Bill due for final debate this week is a “last-minute” effort to “muzzle” critics of the commission’s handling of complaints.

The amendment provides that the DPC may direct that information deemed by it to be confidential should not be disclosed. Failure to comply with a direction will be an offence liable on summary conviction to a €5,000 fine.

Dr Johnny Ryan of the ICCL said on Sunday the amendment “will gag people from speaking about how the DPC handles their complaint, and from speaking about how big tech firms or public bodies are misusing their data”.

READ MORE

The ICCL believes there is no explanation concerning what, or why, information may be deemed confidential, he said. “Even information that is not ‘commercially sensitive’ will no longer be utterable.”

The amendment would mean journalists would be unable to properly report on Ireland’s General Data Protection Regulation (GDPR) supervision of big tech firms with European headquarters in the State, including Google, Meta and TikTok, Dr Ryan said.

A spokeswoman for the Department of Justice said on Monday that there appeared to be “a misinterpretation” of the scope and purpose of the amendment.

The intention to bring forward an amendment to the confidentiality provisions of the Data Protection Act 2018 – being effected by amendment of the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 – was highlighted to the Dáil in October and November last and does not impact on media reporting on the GDPR or on the DPC’s obligations under the GDPR, she said.

Nothing in the amendment would prevent a complainant speaking out about the nature of their data privacy complaint or that a complaint had been made to the DPC, she added.

The amendment applies only to persons engaged with the DPC in the context of the performance of statutory functions, referred to as “relevant functions” in the Data Protection Act 2018, including inquiries and investigations, defined in section 26A (5), she said.

The aim was “to ensure investigation of breaches of GDPR can be investigated effectively and fairly so that robust sanctions can be applied and the privacy of EU citizens protected”.

Breaches of confidentiality during an investigation could undermine the ability to effectively regulate data processors and allow breaches to go unsanctioned, she said.

While the amendment permits the DPC to direct that information was not to be disclosed, the commission must identify the specific information and the specific reasons by reference to the definition of confidential information, she said.

Mary Carolan

Mary Carolan

Mary Carolan is the Legal Affairs Correspondent of the Irish Times