Minister of State Dara Murphy welcomes new EU data law

Ireland’s status as a location for high-tech multinationals will not be adversely affected by new EU data legislation to be agreed by the end of the year, the Minister of State for Data Protection has said.

Speaking ahead of a key meeting of EU ministers today in Luxembourg, at which member states are expected to agree a common position on the legislation, Minister of State Dara Murphy said Irish authorities would continue to regulate companies located here – a key demand for Ireland since negotiations on new EU data legislation began four years ago.

“Our ambition was originally that there would be a ‘one stop shop’, system, a single point of entry for citizens and companies that would allow companies that are based in Ireland to deal with the Irish data protection office. I’m very optimistic that this will be agreed today,” Mr Murphy said.

Contentious

EU member states are expected to sign-off on a new regulation on data protection that will replace the current directive, which dates from 1995.

Discussions will start in the European Parliament on June 24th with final agreement expected by the end of the year.

The negotiations have proved contentious, given concerns among a number of member states, particularly France and Germany, about data privacy protection.

As many of the world's biggest internet companies including Google, Facebook and Linkedin have their European headquarters in Dublin, Ireland will be particularly affected by the new laws. Countries such as Britain, the Netherlands, Poland and the Nordic countries have shared a number of Ireland's concerns during the negotiations.

The so-called ‘one stop shop’ model will allow citizens to make complaints about companies and bodies in their country of residence.

The current system has led to citizens in other EU states taking cases against the Irish data protection commissioner in the European courts. Under the new system, citizens will be able to refer a complaint to the data protection authority in their own state, though the complaint will then be referred back to the “host” country.

decisions can then be referred to a European Data Protection Board, consisting of national data protection authorities, who will issue a binding decision on the judgment.

Mr Murphy has said that, while Ireland welcomes the proposed changes, the new system could be cumbersome.

Appeals process

“We have some concerns over the appeals process. We want to ensure that not too many cases end up there, and they are only referred if there is a substantive reason behind the referral,” he said.

He welcomed the suggestion of a two-year review clause.

Other changes include rules obliging internet companies to delete personal data in certain circumstances, following the ‘Right to be forgotten’ case of 2014, in which Google was ordered by the European Court of Justice to remove data from internet searches.