A proposed law change that would provide the Data Protection Commission (DPC) may direct that information deemed by it to be confidential should not be disclosed has been questioned in the Dáil by a Government TD.
Green Party TD Patrick Costello asked whether the Attorney General had signed off on an amendment to the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 or had he been consulted.
The Irish Council for Civil Liberties (ICCL) said on Sunday the amendment was a “last-minute” effort to “muzzle” critics of the commission’s handling of complaints.
Dr Johnny Ryan of the ICCL said the amendment “will gag people from speaking about how the DPC handles their complaint, and from speaking about how big tech firms or public bodies are misusing their data”.
Dancing with the Stars 2025: Who are the contestants, when is it on and more
The Legend of Sparrow Robertson: The last sportswriter in Nazi Paris
Joe Humphreys: Lessons in philosophy from Sally Rooney’s latest novel that can help us make sense of the world
If we really wanted to be good and healthy in 2025, we’d resolve to pester our politicians
The ICCL believes there is no explanation concerning what, or why, information may be deemed confidential, he said.
“Even information that is not ‘commercially sensitive’ will no longer be utterable.”
The amendment would mean journalists would be unable to properly report on Ireland’s General Data Protection Regulation (GDPR) supervision of big tech firms with European headquarters in the State, including Google, Meta and TikTok, Dr Ryan said.
Speaking on Wednesday, Mr Costello said he wanted to ask the Minister of State at the Department of Justice James Browne whether the “Attorney General has signed off on this”.
“Has the AG been consulted,” Mr Costello said. “Have we gone to the Attorney General and asked whether this amendment passes constitutional muster?
“Does it meet the test set out in [the Supreme Court’s] Zalewski [decision] by the Chief Justice because I really do not think it does and legislation that is unconstitutional is just going to cause problems and delays as it gets appealed through the courts.”
Social Democrats TD Catherine Murphy said it looked like there had been “a very successful effort in lobbying by the big tech companies”.
“To do this without adequate scrutiny, where it has the potential to do great harm, is really taking very serious risks,” she said.
“Essentially, withdrawing these two amendments would be the better option so that they can be introduced or considered at another point, when there is adequate time to go through the entire legislative process whereby they are open to amendment, they come back on report stage and they go through the proper rigour.”
Ms Murphy added she had received correspondence from a number of organisations and individuals, and there was “a real concern about what is being proposed here and about the method being used to do this”.
“It is being done in a way that is really bypassing the kind of scrutiny that we have a right to expect when laws are being made,” she added.
“There has been no effort to consult on this or to involve the public in this change and these are substantial changes.”
Labour TD Aodhán Ó Ríordáin said there was a significant discrepancy between the practice of the DPC in Ireland and that of other national data protection authorities.
“What the Government is proposing will make it even harder to get the DPC to share information with third parties, including our partners in Europe, seriously undermining our credibility in this area,” he said.
A spokeswoman for the Department of Justice said on Monday that there appeared to be “a misinterpretation” of the scope and purpose of the amendment.
The intention to bring forward an amendment to the confidentiality provisions of the Data Protection Act 2018 was highlighted to the Dáil in October and November last and does not impact on media reporting on the GDPR or on the DPC’s obligations under the GDPR, she said.
Nothing in the amendment would prevent a complainant speaking out about the nature of their data privacy complaint or that a complaint had been made to the DPC, she added.