· Good afternoon
· As Minister for Data Protection, I am delighted to have the opportunity to speak to you today on Data Protection Day, or Data Privacy Day, depending on where in the world you live. Go raibh míle maith agaibh le haghaidh an cuireadh agus tá fáilte roimh go léir.
· To begin, let me thank Jim Gregg from the Irish Computer Society, as well as the Association of Data Protection Officers for the invitation to speak here today.
· It is a year to the day since I spoke at your 2015 conference. I had just been appointed a few months earlier as the first Minister in the EU with responsibility for data protection and speaking at your conference was one of my first key engagements.
· On days like this, it is useful to look back on what has been achieved in the past 12 months.
· 2015 was without doubt a significant year for Data Protection.
· Among other developments, we saw the Court of Justice of the European Union deliver its judgement in the Schrems case and the resulting striking down of the Safe Harbour decision.
· We have seen that Court reinforce the independence of the Data Protection Authorities across the EU.
· We have also seen the Court assert the central position of the Charter of Fundamental Rights of the European Union, with the right to privacy and the right to the protection of personal data being core to a number of its decisions.
· But what does this actually mean for us as a society? Does having a right to the protection of our personal data change things?
· We live in a digital era.
· Technology has an enabling role in almost every facet of our lives. Without it, we would simply be unable to continue to live our lives as we do.
· And with this technology comes data - large amounts of data that we generate about ourselves; where we are, who we are with, what we are doing, what we have bought and where etc etc.
· As individuals, as users of services, we need to be data savvy.
· As users and consumers of services, we need to understand the importance of protecting our personal data.
· We need to ask ourselves: do we sometimes casually trade our personal data for convenience in signing up to services?
· We need to ask why we so readily share our personal data on line in a manner that we would not ordinarily contemplate in our private, off line lives.
· As a society, I believe we do need to have conservations about these issues.
· Not so that we can hinder technological developments but rather to allow us to understand fully what these changes mean for us, and to act accordingly, changing our behaviour where necessary.
· It was with this in mind that I established the Government Data Forum last year.
· It brings together experts from a range of sectors including industry, civil society, the legal field, sociology, psychology as well as the public sector to consider some of these complex questions, to contribute to this dialogue, and to further explore the unique opportunity that Ireland has to lead on these issues
· This morning, as chair of the Forum, I was very pleased to launch its first publication which looked at the data privacy implications for citizens of our emerging Smart Cities .
· This report, ‘Getting Smarter with Smart Cities’ was authored by Professor Rob Kitchin of the Programmable City programme at Maynooth University.
· Smart Cities without doubt bring many potential benefits in producing more efficient, productive and sustainable cities but as importantly, should contribute to our cities being better places in which to live and work.
· This report provides us with food for thought on a path towards achieving both these goals, in a way that ensures that we do not compromise data privacy and data protection.
· It also provides direction to allow Ireland set an international example by embracing these emerging technologies while creating a trusted, transparent and balanced environment.
Office of the Data Protection Commissioner
· Central to delivering this environment is having a strong independent regulator in place.
· It is testament to the Government’s commitment to the area of Data Protection that the resources allocated to the Data Protection Commissioner have been substantially increased both this year and last.
· The 2016 budget has seen a cumulative 150% increase in the Commission’s budget since 2014 (increasing from €1.89m in 2014 to €4.8m in 2016)
· By the end of this year, we will also have seen a 100% increase in the number of staff employed by the Commission since 2014 (increasing from 31 in 2014 to 64 by end 2016).
· This additional funding has allowed the Commissioner, Helen Dixon, to significantly expand her team.
· Over the last 6 months of 2015 alone, she recruited 16 new staff including lawyers, technologists, investigators and a communications expert.
· This expansion will continue during 2016, during which time she will recruit a further 15 staff.
· And I was very pleased last month to announce, along with the Taoiseach, that we had secured a new Dublin office for the Commissioner on Fitzwilliam Square.
· The office is being fitted out over the coming months, with the Commissioner’s staff moving in over the Summer.
General Data Protection Regulation
· The Commissioner’s Office will assume an even more critical role when the new EU Data Protection Regulation comes into force in Spring 2018.
· It’s now four years since negotiations began on a new Regulation for the EU, a regulation that was certainly needed.
· I am proud to say that Ireland has been to the forefront of these negotiations. I know that Seamus Carroll from the Department of Justice addressed you this morning - Seamus has been a key figure in these talks for the past four years and has been instrumental in moving them forward.
· This new Regulation will see a harmonised approach to Data Protection across the Member States with an agreed set of rules to be applied in a uniform manner across all 28.
· It will establish rules adapted to the 21st Century,
· It will enhance the level of personal data protection for individuals and increase business opportunities in the Digital Single Market.
· The One-Stop-Shop mechanism will simplify the lives of both citizens and business by ensuring that you will only have to deal with one data regulator for breaches occurring anywhere in the 28 Member States.
· We strongly advocated for a workable Regulation, which avoids delays and cumbersome bureaucracy. The Global Innovation Index 2015 ranks Ireland as the 8th most innovative countries in the world. And we must ensure that the Regulation only enhances this status.
· Preparing for the new Regulation means that organisations right across the private and public sectors will need to get up to speed on their obligations, ensure that they have the right systems in place, and that appropriate training is provided to all concerned.
· The people in this room will play a central role in ensuring that your organisations are fully prepared to meet their responsibilities under this new regime.
Awareness raising
· It is something that we have already started to prepare for in the public sector.
· Raising awareness of the importance of Data Protection and ensuring that it moves up and stays up the agenda is one of my key responsibilities.
· With this in mind, I have established the Interdepartmental Committee on Data Issues which brings together the key people in each Government Department with responsibility for Data Protection.
· The Committee met four times last year and is set to become the vehicle for devising and sharing good practice across the civil service.
· Our Data Protection Commissioner has met with the Committee and as on other occasions, she very clearly set out her expectations of policy makers in ensuring that Data Protection concerns are at the front of their minds in developing new policies.
· This Privacy by Design approach reflects one of the key developments that the new EU Regulation will bring.
· This approach will result in more care being given to privacy related issues at the outset and this will provide an overall better outcome for the citizen.
· We also ran two very successful awareness raising events last year, one for the local government sector, the other for the State board and semi-state sector. Both were very well attended and I was really taken with the levels of interaction at both.
· This type of event will become even more important over the next two years as we gear up to adopt the new Regulation.
· These events allow us to increase our knowledge and awareness of the issues.
Trust
· And with knowledge and awareness comes trust.
· It follows that people will not engage with businesses or use technology which they do not trust.
· Only last week, a survey showed that 81% of people are not satisfied that they can control the privacy of images that they post on social media.
· A key finding from the Data Protection Eurobarometer survey published by the European Commission last June is that trust in the digital environment remains low.
· More than 60% of the citizens surveyed do not trust online businesses.
· Seven out of ten people surveyed are concerned about their information being used for a different purpose from the one it was collected for.
· This highlights a key challenge we have. People want the conveniences and advantages that digital technology brings but will only engage if they can fully trust it.
· In order for us to realise the full potential of the digital economy, we need to improve this trust. And we can improve this trust.
· But we can only do it by working for it and by creating greater understanding and awareness.
Cyber Security
· Your conference has presented very interesting and in ways, troubling statistics about the number of data breaches being suffered in Ireland.
· Reports of cyber attacks on companies, both public and private, are becoming more and more regular.
· You may be aware, for example, that last Friday, a cyber attack on Government systems temporarily brought down the websites of a number of Government Departments. Thankfully, the issue was swiftly resolved.
· Last July, I was very pleased to see the publication of the National Cyber Security Strategy 2015-2017.
· This is an important development in setting out how Ireland will engage with a dynamic and challenging aspect of developments in digital technology.
· It states the Government's approach to facilitating the resilient, safe and secure operation of computer networks and associated infrastructure, with responsible for delivery being with the National Cyber Security Centre, based in the Department of Communications, Energy and Natural Resources.
· Its recommendations will help strengthen Ireland’s position in this area.
· Key among these is the formal establishment of our National Cyber Security Centre, encompassing the Computer Security Incident Response Team (CSIRT-IE), introducing primary legislation to allow us comply with our EU requirements and enhancing co-operation with key State Agencies, industry partners and international peers in the interests of protecting critical infrastructure and improving awareness.
Conclusion
· I firmly believe that events such as today’s are key in improving our awareness and learning.
· It is also important for us to take time away from our day-to-day work and allow ourselves the opportunity to think about the important challenges facing us.
· I hope that these two days have allowed you to do this – certainly in looking at the agenda for your conference, it has touched on many of the key issues facing professionals working in the Data Protection field.
· I would like to thank you again for the invitation here today and wish you all the best for the remainder of the afternoon.