The Government Chief Whip, Seán Kyne TD, has published the Government’s legislation programme for Summer 2019. The updated programme follows on from the special programme launched in January 2019 which focused on Brexit. We have set out below the key data protection and technology-related legislation coming down the tracks.

Priority Legislation

  • Communications (Retention of Data) Bill – This Bill will repeal and replace the Communications (Retention of Data) Act 2011 which requires data generated by mobile phones to be retained by telecommunications service providers for two years, and allows An Garda Síochána and certain other State agencies to access such data for criminal investigative purposes. The Heads of Bill were published last October 2017, following publication of Mr Justice Murray’s Review of the Law on the Retention of and Access to Communications Data, which found that many features of the 2011 Act are precluded by EU law. The Irish High Court also recently held, in Dwyer v Commissioner of An Garda Siochána [2018] IEHC 685; [2019] IEHC 48, that certain sections of the 2011 act are incompatible with EU law.

Other Legislation

  • Online Safety and Media Regulation Bill – The programme notes that work is underway on this Bill. Minister Richard Bruton TD recently launched a public consultation on this Bill, seeking the views of citizens and stakeholders on an achievable and proportionate approach to regulating harmful online content. The consultation is open until 15 April 2019 (discussed here).
  • Interception of Postal Packets and Telecommunications Messages (Regulation) (Amendment) Bill – This Bill will amend various pieces of legislation in respect of electronic communications. Work is underway on revised Heads of Bill, and pre-legislative scrutiny is still to be determined. In 2016, the Department of Justice and Equality published a policy document discussing why this area of law needs to be amended (discussed here).
  • Cybercrime Bill – This Bill will give effect to those provisions of the Council of Europe Convention on Cybercrime 2001 not already provided for in national law, in order to enable ratification of the Convention. Preparatory work on this Bill is underway.

Bills currently on the Dáil and Seanad Order Paper

  • Copyright and Other Intellectual Property Law Provisions Bill 2018 – This Bill will introduce a series of amendments to the Copyright and Related Rights Act 2000 aimed at modernising copyright and take account of certain exceptions to copyright permitted by the Copyright Directive 2001/29/EC. The Bill aims to improve access to the courts system for IP claims, in particular to facilitate lower value IP infringement cases to be brought before the District and Circuit courts. It was passed by the Dáil last July 2018, and is currently being debated in the Seanad. The text of the Bill is available here.

Bills recently enacted

  • Data-Sharing and Governance Act 2019 – This Act (2019 Act) was signed into law by the President on 4 March 2019, but requires a commencement order to come into force. It provides a legal basis for the disclosure of information (including personal data) between certain public bodies. The Act only applies where no other legal basis exists in Irish or EU law permitting or requiring data-sharing between public bodies. Whilst the 2019 Act is without prejudice to the GDPR and Data Protection Act 2018 (2018 Act), it expressly states that the legal basis set down in section 38 the 2018 Act (processing of personal data carried out in the public interest or in the exercise of official authority), shall not apply to the sharing of personal data between public bodies. This means a public body cannot rely on the public interest legal basis under the 2018 Act to share personal data with another public body. Personal data must only be shared in accordance with the 2019 Act (unless allowed for by another law). Where a public body shares personal data in accordance with the 2019 Act, a data sharing agreement must be put in place. The 2019 Act sets out the minimum mandatory content of such agreements, and requires draft agreements to be published on a public body’s website for public consultation, and to be submitted to the new Data Governance Board (yet to be appointed) for review prior to being executed.