Minutes of Data Forum Meetings

Present

• Minister Dara Murphy, Minister for Data Protection (Chair)
• John Barron, Revenue Commissioners
• Seamus Carroll, Department of Justice and Equality
• Rob Corbet, Arthur Cox
• Gary Davis, Apple
• Dr Martyn Farrows, CJ Fallon
• David Fennelly, Barrister
• Harry McCann, Digital Youth Council
• Mirek Pospisil, LinkedIn (in place of Suzanne Duke)
• Niamh Roddy, IDA Ireland
• Anne Rooney, Google
• Karen White, Twitter
• Aedan Hall, EU Policy Coherence Unit, D/Taoiseach
• Adrienne Harrington, Head of Data Protection Unit, D/Taoiseach (Secretary)
• Kate Flinter, Data Protection Unit, D/Taoiseach
• Conor Gouldsbury, Advisor, D/Taoiseach

The minister welcomed all present and apologies were noted from the following:

• Tim Duggan, Department of Social Protection
• Ann Henry, Chair of the IP Committee of the Law Society of Ireland
• John O’Connor, Irish Branch of the Society for Computers and Law
• Professor Eoin O’Dell, Trinity College Dublin
• Dr Patricia O’Hara, Chair, National Statistics Board
• Professor Rob Kitchin, Maynooth University
• Derek Finnerty, Director, Storm Technology
• Professor Anne Holohan, Trinity College Dublin
• Niamh Sweeney, Facebook
• Barry Lowry, Chief Government Information Officer
• Professor John McCarthy, University College Cork
• Dr TJ McIntyre, Digital Rights Ireland
• Rebecca Radloff, Microsoft

Introductory remarks

Minister Murphy gave a brief overview of key developments since the forum last met. In particular, at the end of January, the Taoiseach officially opened the Office of the Data Protection Commissioner’s (ODPC) new Dublin Office on Fitzwilliam Square.

At the opening, the Taoiseach and Minister Murphy restated the government’s commitment to building on Ireland’s strengths in data protection and being a leader in meeting the requirements of General Data Protection Regulation (GDPR).

In addition, Minister Murphy hosted a stakeholder event in Cork in December on the Smart Cities report that the forum published last year, with more than 100 attendees from enterprise, local government and academia.

The minister also outlined the ongoing programme of work to promote awareness and preparedness for GDPR across the public service, including the information session attended by more than 300 public sector representatives in December and the upcoming event for the local government sector.

Item 1: Minutes of meeting of 30 November 2016 and matters arising

The minutes of the meeting of 30 November, 2016, were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: GDPR

The forum welcomed the range of activities in the public and private sectors to promote awareness and preparedness for GDPR and it was agreed that this momentum be built on over the year ahead. The forum, in particular through the Data Summit (see item 5 below), will play a strong role in this regard.

The forum further agreed that while there is significant and increasing awareness of the regulations and of the work that organisations need to undertake to prepare for its implementation in May 2018, further work is needed to ensure that information is reaching all audiences including the SME and not-for-profit sectors.

In addition to its work on GDPR, the forum will identify opportunities to support the work of stakeholders, such as the Office of the Data Protection Commissioner (ODPC) and the Article 29 Working Party (WP29) in this context.

• ODPC Note – GDPR Awareness Raising Activities 2017

The forum discussed the programme of GDPR awareness raising activities that the ODPC is undertaking over 2017 and it was agreed that the Department of the Taoiseach will review the programme to identify areas where the forum could support these activities.

• Update on Digital Age of Consent Issue (Article 8 of GDPR)

The Department of the Taoiseach updated the forum on developments regarding the ‘digital age of consent’. The forum noted that notwithstanding the significant level of interest, there appears to be limited research available on this specific issue.

It was noted that the department was following up on recent research on young people and decision making capacity more broadly, and would report back to the next meeting on this. The forum agreed that the department would share the findings of the forum’s consultation on this issue with other member states and stakeholders via the Centre for Information Policy Leadership’s (CIPL) GDPR harmonisation project and similar as appropriate.

The group discussed the need to clearly delineate between the aims of Article 8, namely that the processing of children’s personal data below the designated age limit (between 13 and 16) does not take place without parental consent, and broader considerations around online safety.

• Update on Data Protection Bill

The Department of Justice and Equality provided an update on the timelines for the legislation which will give effect to (i) those areas of GDPR where there is scope for member states to enact national legislation, and (ii) the Processing of Personal Data for Policing Purposes Directive.

It is intended that the draft Heads of the Data Protection Bill will be submitted to government for approval to draft in April, with a view to a draft of the Bill being published in October/November this year.

The forum noted that there are a number of data protection related cases currently before the Court of Justice of the European Union which may impact the draft Bill.

Item 3: ePrivacy Directive

The forum discussed the commission’s proposed ePrivacy Regulation which would update and expand on the existing ePrivacy Directive. The proposals, which are part of the Digital Single Market Strategy , aim, inter alia, to ensure alignment with GDPR and to expand the definitions of electronic communications services to include ‘over the top’ platforms such as Skype and Whatsapp. The commission has expressed its intention for the regulation to come into effect in May 2018 in line with GDPR.

The group raised a number of issues for consideration in relation to the proposed regulation, including a concern that the May 2018 timeline is too tight. It was agreed that there is a need for further discussion on the scope of the regulation and how it would work in practice. The EU Policy Coherence Unit, Department of the Taoiseach undertook to relay these issues to the Inter-Departmental Committee on the Digital Single Market which is coordinating Ireland’s approach to the DSM strategy and to the Department of Communications, Climate Action and Environment, which is the lead department on the ePrivacy Directive.

Item 4: Opportunities for Ireland in the EdTech sector

The forum discussed the growth of the edtech sector internationally and the potential to develop on Ireland’s existing strengths in the education and technology sectors to (i) enhance education provision in Ireland and (ii) support jobs and growth.

The membership agreed that a working group of the forum should be established to develop proposed actions in this area. It was agreed that Martyn Farrows and Harry McCann would be members of the working group and that Martyn would meet up with other members of the forum to progress this work, and report back to the next meeting.

Item 5: Update on Data Summit

The Department of the Taoiseach updated the group on the Data Summit which will take place on 15 and 16 June in the Convention Centre, Dublin. The minister thanked the forum members for their ongoing work and support for the summit to date and commented on the scale of interest and engagement in the summit.

The group agreed that the programme should be developed to, inter alia, promote an inclusive and balanced discussion on the role of data in modern society, promote awareness of data privacy and showcase examples of how data can be used to benefit society.

The Data Summit website will go live in March and it was agreed that the forum members would promote the summit through their networks.

An update on progress is to be provided at the next meeting.

Item 6: AOB

There were no matters for discussion raised under AOB.

Item 7: Date of next meeting

It was agreed that the next meeting of the Data Forum will take place on Wednesday, 12 April, at 11am.

Attendance

• Minister for Data Protection, Dara Murphy TD (Chair)
• Seamus Carroll, Department of Justice and Equality
• Rob Corbet, Arthur Cox
• Dr Martyn Farrows, CJ Fallon
• Derek Finnerty, Director, Storm Technology
• Ann Henry, Chair of the IP Committee of the Law Society of Ireland
• Dr Pat O’Hara, National Statistics Board
• Barry Lowry, Chief Government Information Officer
• Mirek Pospisil, LinkedIn
• Rebecca Radloff, Microsoft
• Niamh Sweeney, Facebook
• Conor Gouldsbury, Special Adviser, Department of the Taoiseach
• Adrienne Harrington, Data Protection Unit, Department of the Taoiseach
• Joan Hayes, Data Protection Unit, Department of the Taoiseach
• Kate Flinter, Data Protection Unit, Department of the Taoiseach
• Anne Flanagan, Department of Communications (on the ePrivacy item)
• Aedan Hall, Department of the Taoiseach (on the ePrivacy item)

Introductory remarks

Minister Murphy provided an overview of key developments in the data protection area since the forum last met in February. In particular, he outlined recent developments in relation to the Privacy Shield, including Commissioner Jourová’s meetings with members of the US administration in Washington at the end of March and the first review of Privacy Shield in September.

Following her visit to the US, Commissioner Jourová stated that the key foundations of the deal remain in place. She also said that, as part of the review process, the commission plans to discuss additional protections as well as any relevant developments in US law.

Minister Murphy informed the members that he will be visiting Washington in April to speak on Ireland’s growing role in the transatlantic data economy at the International Association of Privacy Professional’s Global Summit. While in Washington, the minister will be meeting with some of his counterparts in the new administration and he will take this opportunity to reiterate the importance of the Shield, as well as to highlight the work that Ireland is doing in the area of data and data protection.

Item 1: Minutes of meeting of 23 February 2017 and matters arising

The minutes of the meeting of 23 February, 2017, were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: ePrivacy Regulation Proposals – WP29 Opinion

The forum discussed the WP29’s Opinion on the ePrivacy Regulation proposals (circulated in advance). It was noted that the Opinion is generally positive but that it also highlights a number of potential issues particularly regarding how the proposals relate to GDPR and the need to ensure consistency and complementarity in this context.

The Department of Communications, Climate Action and Environment, updated the forum on progress on the proposals and work under way at the European and national level on the proposed regulation, particularly in relation to capturing stakeholder feedback and standardising definitions and so on. The department is carrying out a stakeholder consultation to inform its work on the proposals and invited the members of the forum to provide inputs to this process.

Item 3: Updates

• Data Summit

The Department of the Taoiseach outlined progress on the Data Summit, including the launch of the event website at the end of March, work to finalise the programme of speakers and activities to promote the event nationally and internationally.

In keeping with the overall aims of the event, the department also updated the forum on work under way to ensure that the Data Summit showcases the range of data related activities in Ireland across the public, private and not-for-profit sectors.

Work is under way with a wide range of organisations including the CSO, the Royal Irish Academy, the Digital Youth Council, Science Foundation Ireland, DataKind and Social Innovation Ireland in this regard. Preparations for GDPR will be a core theme of the overall event, with a series of practical workshops on the regulation integrated into the overall programme.

Minister Murphy commented on the excellent line-up of speakers already confirmed and thanked the members of the forum for their ongoing support in organising and promoting the Data Summit.

• Data Protection Bill

The Department of Justice updated the forum on the Data Protection Bill. It is intended that the draft Heads of the Bills will be submitted to government in early May for (i) approval to draft and (ii) submission for pre-legislative scrutiny. The department is aiming to publish the Bill in autumn with a view to enactment by spring 2018.

• WP29 GDPR Work Programme

The forum discussed the WP29’s work programme in relation to GDPR, particularly the publication of guidance on a number of key concepts in the regulation (see below). It was noted that the WP29 has indicated that it will be refreshing its work programme as the year progresses and into 2018. It was agreed that the forum would consider how it might input to this process at its next meeting.

• WP29 April Plenary Session – Press release and adopted guidelines on (i) Right to ‘data portability’, (ii) Data Protection Officers, and (iii) the Lead Supervisory Authority

The forum discussed the guidance adopted by WP29 at its plenary meeting in April (circulated in advance). It was agreed that this guidance is very helpful for organisations as they work to prepare for the regulation coming into effect.

Discussion focused on the designation of lead supervisory authority and the importance of how this will work in practice, particularly in relation to the effective operation of the one-stop-shop model.

It was noted that the WP29 had adopted draft guidance on Privacy Impact Assessments at its April meeting and it was agreed that the secretariat would circulate this to the group as soon as this is made available.

• ODPC GDPR Consultation

The forum welcomed the ODPC consultation in relation to GDPR and the development of guidance on consent, profiling, breach notification and certification which will feed in WP29’s work on these issues

• ODPC Annual Report 2016

The forum noted the publication of the ODPC’s Annual Report for 2016 and welcomed the commissioner’s statement that preparations for GDPR are an absolute priority for the office over the year ahead. The forum also welcomed the office’s ongoing commitment to an engaged approach with organisations under its remit to develop and implement data protection policies that protect the user.

• Opportunities for Ireland in the EdTech sector

Following on from the last meeting of the forum in February, Martyn Farrows updated the forum on the working group established to examine the opportunities for Ireland in the EdTech sector.

Item 4: AOB

No items were raised under AOB

Item 5: Date of next meeting

It was agreed that the date for the next meeting would be set following the Data Summit.

Attendance

• Minister for Data Protection, Pat Breen TD (Chair)
• Seamus Carroll, D/Justice and Equality
• Rob Corbet, Arthur Cox
• Dr Martyn Farrows, CJ Fallon
• David Fennelly, Barrister
• Ann Henry, Chair, IP Committee, Law Society of Ireland
• Prof Rob Kitchin, National Institute of Regional and Spatial Analysis, NUI Maynooth
• Barry Lowry, Government Chief Information Officer
• Ryan Meade, Google (in place of Anne Rooney)
• John O’Connor, Society for Computers and Law and William Fry
• Prof Eoin O'Dell, Trinity College Dublin
• Malgarzata Ferraz, IDA Ireland
• Mirek Pospisil, LinkedIn
• Rebecca Radloff, Microsoft Ireland
• Niamh Sweeney, Facebook
• Eamonn Balmer, Department of Jobs, Enterprise and Innovation
• John Shaw, Department of the Taoiseach
• Adrienne Harrington, Department of the Taoiseach
• Kate Flinter, Department of the Taoiseach

Introductory remarks

Minister Breen introduced himself to the Data Forum and expressed his delight at being assigned responsibility for the data protection brief and his commitment to building on the work undertaken by the forum to date.

Item 1: Minutes of meeting of 12 April, 2017, and matters arising

The minutes of the meeting of 12 April, 2017, were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Under matters arising, there was a short update on the forum working group established to examine the opportunities for Ireland in the EdTech sector. It was agreed that this work would be revisited in more detail at the next meeting.

Item 2: Data Summit - review and next steps

The Department of the Taoiseach presented on the Data Summit; providing a review of the event overall and how it delivered on its objectives as well as key learnings and next steps. This event was co-hosted by the Data Forum and the minister took the opportunity to thank the forum for their work and support on the summit.

The summit was attended by more than 900 people from the public, private, academic and non-profit sectors. Feedback from attendees and partners as well as media coverage of the event has been positive overall. Discussion focused on how the summit was successful in delivering its objectives and it was agreed that the work to ensure a very wide range of partners on the event and to incorporate a strong ‘data for good’ element to the programme had been very beneficial in this regard. It was agreed that the PR programme in the lead-up to and around the summit itself was also key in this context.

There was some discussion of how to build on the summit, including the potential to hold another event in 2018 or to tie in with similar events. It was suggested that such an event could be held in advance of GDPR coming into effect in May 2018 and that it would be beneficial to have greater attendance by EU regulators and policy makers as well as by European business (both large and small companies).

Item 3: GDPR

Sub-items

• general update on GDPR and the Data Protection Bill were taken together.

The Department of the Taoiseach provided an update on preparations for GDPR and the Department of Justice and Equality provided an update on the status of the Bill which is currently at pre-legislative scrutiny stage with hearings on the draft at the Justice and Equality Committee taking place earlier in July. It is expected that the draft Bill will be published in the autumn.

Discussion focused on a number of issues including work at the European level to promote harmonisation in how the regulation is interpreted and applied across the EU. In particular, the forum discussed the challenges around the differing age limits being set as the ‘Digital Age of Consent’ under Article 8 of GDPR. Following a comprehensive consultation process and a review of approaches in other jurisdictions, the Department of Justice is recommending that this be set at 13 in Ireland; a view supported by a number of children’s rights advocates.

The forum also discussed the importance of the one-stop-shop model and the European Data Protection Board working effectively.

• Awareness raising among SMEs

The forum discussed the need to ensure that SMEs are informed and prepared for GDPR. This matter has been considered by the forum previously and the minister invited members to put forward suggestions on what steps need to be taken to build on the work that the Office of the Data Protection Commissioner, Enterprise Ireland and organisations such as the Small Firms Association (SFA) are undertaking; particularly those not involved in organisations such as the SFA.

Item 4: Article 29 Working Party - guidelines and advice

The Department of the Taoiseach provided an overview of papers (circulated in advance) from the Article 29 Working Party (WP29) on Data Processing at Work, the upcoming Privacy Shield Review, the GDPR FabLab, and the letter to European Securities and Markets Authority.

Discussion focused on the Review of the Privacy Shield and the results of the FabLab. In relation to the Privacy Shield, discussion focused on the importance of building on progress to date and providing certainty to both citizens and business around commercial transatlantic transfers of data. In relation to the FabLab, the forum in particular discussed the importance of clear WP29 guidance around consent as set out in GPDR.

Item 5: Membership of the forum

The membership of the forum, established based on an open call for expressions of interest, has now been in place for two years and the group discussed whether it was timely to consider refreshing/expanding the membership to take account of changing roles, developments in data and ensure a balance and so on. As part of this discussion, the forum discussed the possibility of establishing sub-groups or similar to progress specific work programmes, for example, financial services. It was agreed that the secretariat would review options around membership and that the issue would be revisited at a later meeting of the forum.

Item 6: AOB

Legal developments and updates

The Department of the Taoiseach provided a short update on a number of key legal and policy developments which have potentially wide-ranging impacts for data protection.

In relation to the referral of the Nowak case by the Irish Courts to the Court of Justice of the European Union (CJEU); a judgment on whether or not an exam script constitutes personal data is expected by end July.

The Irish High Court is also expected to issue its ruling shortly regarding the possible referral to the CJEU on the validity of SCCs insofar as they relate to EU to US data transfers. There was also some brief discussion of the US Department of Justice’s application for the Microsoft Warrant Case to be heard on appeal by the US Supreme Court.

The Department of the Taoiseach also provided a short overview of the NIS Directive and the National Cyber Security Strategy. There is some crossover with the data/data protection agenda, and it was agreed that the forum would invite the Department of Communications, Climate Action and Environment, which is leading on the cyber-security area, to its next meeting.

Item 7: Date of next meeting

It was agreed that the next meeting of the Forum would take place on Thursday, 12 October.

Attendance

• Minister for Data Protection, Pat Breen TD (Chair)
• Seamus Carroll, D/Justice and Equality
• Rob Corbet, Arthur Cox
• David Fennelly, Barrister
• Dr Patricia O'Hara, Chair, National Statistics Board / Member ESGAB / Adjunct Professor, *NIRSA, NUI Maynooth
• Prof Rob Kitchin, National Institute of Regional and Spatial Analysis, NUI Maynooth
• Anne Rooney, Google
• Prof Eoin O'Dell, Trinity College Dublin
• Niamh Roddy, IDA Ireland
• Mirek Pospisil, LinkedIn
• Niamh Sweeney, Facebook
• Richard Browne, Department Communications, Climate Action and Energy
• Eamonn Balmer, Department of Jobs, Enterprise and Innovation
• John Shaw, Department of the Taoiseach
• Seán Hurley, Department of the Taoiseach
• Kate Flinter, Department of the Taoiseach

Item 1: Minutes of meeting of 12 April, 2017 and matters arising

The minutes of the meeting of 13 July 2017 were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Under matters arising, Minister Breen outlined that subgroup of the forum working on Edtech were not position to present today as agreed at the last meeting, due to work commitments. This item will be taken at a later date.

Item 2: GDPR

Sub-items

• general update on GDPR, the Data Protection Bill and Awareness Raising** were taken together.

D/Taoiseach provided an update on preparations for GDPR and D/Justice provided an update on the status of the Bill.

Discussion focused on a number of issues including the ‘Digital Age of Consent’ and awareness raising activities already under way with a view to identifying gaps, in particular for SMEs and non-profit organisations. It was agreed that the secretariat would circulate the document on awareness- raising with the forum for their feedback and input.

The forum also discussed the importance of the one-stop-shop model and the European Data Protection Board working effectively as well as clarity and consistency across all member states.

Item 3: Cybersecurity

D/CCAE gave an outline of work underway to implement the NIS Directive and Ireland’s approach to cybersecurity. Discussions focussed on work to develop guidance for i) operators of essential services and ii) Digital Service Providers.

Item 4: Legal developments and updates

D/Justice provided a short update on a number of key legal and policy developments which have potentially wide ranging impacts for data protection, including the EU Advocate General’s opinion on the Nowak case and the decision by the Irish Court to refer Standard Contractual Clauses to the CJEU. It was also noted that the first annual review of the Privacy Shield took place in September.

It was agreed to return to ePrivacy at a later meeting of the forum.

Item 5: Follow-up to Data Summit

There was a discussion on a follow up to the Data Summit 2017 and it was agreed that the Subgroup on the Data Summit would meet to develop proposals for a similar event in 2018.

Item 6: Date of next meeting

It was agreed that the Secretariat would circulate a date for the next meeting for early in the new year.

Attendance

• John Shaw, Assistant Secretary, Department of the Taoiseach (Chair)
• Ann Henry, Partner Phillip Lee / Chairperson, Intellectual Property Committee, Law Society of Ireland
• Bill Fadden, Revenue Commissioners, for John Barron
• David Fennelly, Barrister, Law Library
• Dr Martin Farrows, Director of Digital Strategy, CJ Fallon Ltd.
• Dr Patricia O'Hara, Chair, National Statistics Board / Member ESGAB / Adjunct Professor, NIRSA, NUI Maynooth
• Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin
• Harry McCann, Founder and Committee Member, Digital Youth Council
• John Dooley, Department of Business, Enterprise and Innovation
• John O’Connor, Partner, Technology & Data Protection at William Fry / Chair Irish Branch of The Society for Computers and Law.
• Mirek Pospisil, LinkedIn
• Niamh Roddy, Chief Economist, IDA Ireland
• Niamh Sweeney, Head of Public Policy, Ireland, Facebook
• Rebecca Radloff, Head of Legal, Microsoft
• Rob Corbett, Partner, Head of Technology and Innovation Arthur Cox
• Seamus Carroll, Head of Civil Law Reform Division, Department of Justice and Equality
• Barry Vaughan, DoT
• Sean Hurley, DoT
• Joan Hayes, DoT

The chair informed the meeting that Minister of State Breen sent his apologies that he could not attend as he was detained on an international trade mission. The chair also introduced Barry Vaughan, the new Head of the Data Protection Unit in the Department of the Taoiseach, to the forum.

Item 1: Minutes of meeting of 12 October, 2017 and Matters arising

The minutes of the meeting of 12 October 2017 were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: General Data Protection Regulation

Sub-items

• Data Protection Bill 2018 – Next steps and Government Preparedness were taken together.

D/Justice provided and update on the status of the Bill and members congratulated D\Justice on getting the Bill published (amongst the first group of EU countries to do so). Discussion focused on a number of issues including personal liability and administrative fines. There was also discussion on what messaging will be required when the Bill has been successfully passed, for example, Ireland’s position as a thought leader in the area of Data Protection.

D/Taoiseach provided an update on government preparedness for GDPR and also outlined that, while the ODPC would lead in the area of awareness raising, Minister Breen would also undertake an awareness-raising campaign which would include some regional meetings with chambers of commerce and representative bodies.

Martin Farrows updated the meeting on work in the education sector and stressed the need to ensure all schools were aware of their obligations under GDPR.

Item 3: General Update – legal developments

D/Justice provided a short update on a number of key legal and policy developments, including the Nowak case.

D/BEI gave an overview of the work it is doing in relation to the Digital Single Market, including in relation to: Digital Europe, the Digital Agenda, the freeflow of non-personal data, geo-blocking, copyright, ePrivacy, cybersecurity and platforms. D/BEI also informed the Forum that a meeting of the D9 would be held in Dublin in May.

Item 4: Data Summit

D/Taoiseach gave an update on preparations for the Data Summit 2018, including the work of the subgroup on the Data Summit, a draft format for the event and the proposed date of September 2018. Discussions focussed on the potential speakers and topics for discussion at the summit.

It was agreed that there should be a greater European focus to this year’s summit; a greater emphasis on innovation; and that start-up companies should be included on the panels where possible. It was also agreed that summit should be used as an opportunity to market Ireland as a thought leader in the data area.

Item 5: Future Work Programme of the forum

There was a discussion on the future work programme of the forum including on the best use of the expertise of the forum. It was agreed that the secretariat would circulate dates for meetings of the forum for the rest of the year.

Chair: Pat Breen TD, Minister for State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection.

• Ann Henry, Chairperson, Intellectual Property Committee, Law Society of Ireland
• Anne Flanagan, Department of Department of Communications, Climate Action and Environment
• Bill McFadden, Revenue Commissioners
• Brendan Eiffe, Department of Justice and Equality
• Dr Martyn Farrows, Director of Digital Strategy, CJ Fallon Ltd.
• Dr Patricia O'Hara, Chair, National Statistics Board / Member ESGAB / Adjunct Professor, NIRSA, NUI Maynooth
• Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin
• John Dooley, Department of Business, Enterprise and Innovation
• Karen White, Director, Public Policy, Europe, Twitter
• Niamh Roddy, Chief Economist, IDA Ireland
• Niamh Sweeney, Head of Public Policy, Ireland, Facebook
• Rob Corbett, Partner, Head of Technology and Innovation Arthur Cox
• Ryan Meade, Google
• Seamus Carroll, Head of Civil Law Reform Division, Department of Justice and Equality
• Eamonn Bulmer, Department of Business, Enterprise and Innovation
• John Shaw, Assistant Secretary, Department of the Taoiseach
• Barry Vaughan, DoT
• Sean Hurley, DoT
• Sarah Garry, DoT

Meeting Note

The chair informed the meeting that, due to unforeseen circumstance, Richard Browne (D/CCAE) would be unable to attend the meeting and that consequently agenda item 4, the NIS Directive, would be returned to at a future meeting.

Item 1: Minutes of meeting 8 February and matters arising

The minutes of the meeting of 8 February were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: Data Protection Bill 2018 and GDPR preparations

D/Justice provided an update on progress of the Bill through the Oireachtas. A number of amendments are expected for committee stage in the Dáil, including further amendments on the age of consent and claims for damages. The issue of liability for representatives for third country-organisations was also discussed. Given the large foot-print of technology companies in Ireland and the importance of maintaining Ireland’s reputation in the field of data protection, it is the government’s intention to have the Bill enacted before the 25 May deadline.

Item 3: Update on legal developments

D/Justice provided a short update on a number of key legal and policy developments, including the Standard Contractual Clauses case (Schrems), Microsoft Warrant Case and CLOUD Act and possible implications for Ireland.

D/Justice also provided the forum with an update on the EU Commission’s proposal for an E-Evidence Regulation and the possible effects on Ireland given our opt-in/opt-out status.

Item 4: NIS Directive consultation process

As Richard Browne was unable to attend the meeting, this item will be taken at a future meeting.

Item 5: Draft ePrivacy Regulation – update

D/CCAE gave an update on the draft e-Privacy Regulation which is currently being negotiated at EU level. The Members of forum were thanked for their comments on the latest compromise text and the three Bulgarian presidency discussion papers on the matter. Negotiations have slowed but are expected to resume, as other projects are finalised and capacity increases. A further working party meeting is expected and a text may be published in the coming weeks.

Item 6: D9 Event 15 May

D/BEI gave an update on preparations for the D9 event, which will be hosted by Minister Breen in Dublin on 15 May, 2018. Artificial Intelligence will be a central theme to the event which will showcase both the international AI landscape and the Irish AI ecosystem.

Item 7: Data Summit 2018

D/Taoiseach gave an update on preparations for the Data Summit 2018, which will take place on 19 September. A sub-group of the forum are at an advanced stage in developing a programme for the event, which will include a keynote speech from Commissioner Gabriel.

Discussions focussed on the programme for the event and how to ensure there is a greater European focus to the summit. Forum members were asked for suggestions of who might be invited to the summit.

Item 8: AOB

The next meeting of the Data Forum will be held on Wednesday, 11 July, at 11am in Government Buildings.

Chair: Pat Breen T.D., Minister for State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection.

• Ann Henry, Chairperson, Intellectual Property Committee, Law Society of Ireland
• Anne Flanagan, DCCAE
• Barry Lowry, Government CIO, Department of Public Expenditure and Reform
• Bill McFadden , Revenue Commissioners
• David Fennelly, Barrister, Law Library
• Derek Finnerty, Storm
• Donal Flavin, IDA Ireland
• Dr. Patricia O'Hara, Chair, National Statistics Board / Member ESGAB / Adjunct Professor, NIRSA, NUI, Maynooth
• Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin
• Fergal Corcoran , DCCAE
• John O’Connor, Partner, Technology & Data Protection at William Fry / Chair Irish Branch of The Society for Computers and Law.
• Michelle O'Donnell, D/Welfare
• Niamh Roddy, Chief Economist, IDA Ireland
• Niamh Sweeney, Head of Public Policy, Ireland, Facebook
• Rob Corbett, Partner, Head of Technology and Innovation Arthur Cox
• Rob Kitchen, Professor, National Institute of Regional and Spatial Analysis
• Ryan Meade, Google
• Seamus Carroll, Head of Civil Law Reform Division, D/Justice
• John Shaw, Assistant Secretary, Department of the Taoiseach
• Barry Vaughan, DoT
• Sean Hurley, DoT
• Sarah Garry, DoT

Meeting Note

The Chair welcomed Donal Flavin (IDA) to the group and thanked his predecessor Niamh Roddy for her contribution to the Forum and in particular for her help in organising the Data Summit.

Item 1: Minutes of meeting 25th April and Matters arising

The minutes of the meeting of 25th April were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: GDPR update and related issues

D/Justice provided an update on the Data Protection Act that had been enacted. Ireland were among a small number of Member State to have transposed the GDPR ahead of the 25th May deadline. While a number of amendments to existing national laws to make them GDPR compliant were carried out during enactment, work was still ongoing in Departments to make all the necessary amendments.

Discussions focussed on a number of issues including the implications of Brexit on GDPR; the Digital Age of Consent; and how GDPR will interact with international laws such as the US Cloud Act.

Item 3: Data Summit 2018

D/Taoiseach gave an update on preparations for the Data Summit 2018, which will take place on 19 September. Approximately 400 delegates would attend the Summit and the programme was at an advanced stage. D/Taoiseach outlined that there would also be an evening reception the night before the Summit that would include a panel discussion with Helen Dixon (Data Protection Commission), Lucas Ilves (Lisbon Council) and Sridhar Ramaswamy (VP Ads and Commerce Google).

Item 4: NIS Directive Consultation Process

D/CCAE gave an update on the NIS Directive, which was due for national transposition by EU Member States on 9 May 2018. The NIS Directive seeks to achieve a high common level of

security of network and information systems throughout the EU by taking a three-pronged approach: increased EU co-operation; improved cyber security capabilities at a national level; and risk management and reporting obligations for qualifying organisations.

Draft Regulations were with the Office of the Attorney General and were due for debate in the Houses of the Oireachtas in the coming weeks. The final list of designated Operators of Essential Services will be completed by Q4 of 2018.

Discussions focussed on how Ireland compared to other Member States and how the NIS Directive would interact with the work of the National Cyber Security Centre.

Item 5: Digital Single Market Update

D/BEI provided an update on developments in the Digital Single Market including on the meeting of the D9, chaired by Minister Breen, that took place in Dublin in May and Ireland’s improved performance in the Digital Economy and Society Index 2018 report, in which Ireland is now ranked as the 6th most advanced digital economy and society.

Discussions focussed on a number of DSM proposals including the Copyright Directive, E-Privacy Regulation, Platform-to-business, and Telecommunications Regulation Framework. Also discusses was the Digital Europe Programme (DEP), which is a central element of the Commission’s response to the challenge of digital transformation and part of the MFF.

Item 6: National Digital Strategy

D/Taoiseach gave an update on the development of a new National Digital Strategy that will position Ireland to maximise economic and societal benefits from ongoing digitalisation and its transformative effects.

An Inter-Departmental Group has been established to guide the formation of the Strategy and a framework document has been agreed. The next phase will extensive consultation with the public and stakeholders. It is the intention to deliver the National Digital Strategy by the end of the year.

Item 7: AOB

Arrangements for the next meeting of the Data Forum will be forwarded by the Secretariat in due course.

Chair: Pat Breen T.D., Minister for State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection.

• Ann Henry, Chairperson, Intellectual Property Committee, Law Society of Ireland
• Anne Flanagan, DCCAE
• Cathriona Bracken, DSP
• Ciaran Conlon, Microsoft
• Denis Kelleher, LinkedIn
• Donal Flavin, IDA Ireland
• Eamonn Balmer, DBEI
• John O'Connor, Chair, Irish Branch of the Society for Computers and Law
• Niamh Sweeney, Head of Public Policy, Ireland, Facebook
• Rob Corbet, Partner, Head of Technology and Innovation, Arthur Cox
• Ryan Meade, Google
• Seamus Carroll, Head of Civil Law Reform Division, D/Justice
• John Shaw, Assistant Secretary, Department of the Taoiseach
• Barry Vaughan, DoT
• Emily Welton, DoT
• Sean Hurley, DoT
• Sarah Garry, DoT
• Elizabeth Lyne, DoT

Meeting Note

The Chair welcomed Ciaran Conlon (Microsoft) to the group and thanked his predecessor Rebecca Radloff for her contribution to the Forum and in particular for her help in organising the Data Summit.

Item 1: The minutes of the meeting of 19 July were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

Item 2: National Digital Strategy Consultation Process

D/Taoiseach gave an update on the current position of the ongoing National Digital Strategy consultation, which finishes on Friday, 23 November 2018. The strategy is being prepared to position Ireland to maximise economic and societal benefits from ongoing digitalisation and its transformative effects.

Discussions focussed on a number of issues including the areas Ireland should concentrate on in the short and medium term and the possibilities for cyber security, blockchain and increased use of data.

Item 3: Review of Data Summit 2018

D/Taoiseach gave an update on the outcome of the Data Summit 2018, which took place on 19 September 2018. Approximately 400 delegates attended the Summit and feedback received from attendees has been positive.

The Chair reiterated that the success of the Data Summit was heavily dependent on many of the Forum’s members who contributed expertise and resources and paid tribute to members of the Steering Group.

Discussions focussed on what worked well at the Data Summit 2018 and possible improvements that could be made.

Item 4: Brexit and Data Flows

D/Taoiseach gave an overview of the previously circulated paper outlining the various mechanisms to allow transfers between the EU and the UK in the event of the UK leaving the European Union.

Discussions focussed on preparations for, and possible mechanisms available for data transfers with the UK post-Brexit and, in particular, in a ‘no-deal’ scenario.

Item 5: GDPR and related developments

D/Justice provided an update on the Data Protection Act 2018, which has now been in force for almost six months.

Discussions focussed on a number of issues including regulations under the Act and the situation in other member states.

Item 6: Update on D9 meeting, Tallinn

The Chair noted that John Dooley, who was to speak on this item, was unable to attend, but had provided a written update, which highlighted the convergence between the Single Market and the Digital Single Market. D/Taoiseach will circulate the update note after the meeting, for consideration.

Item 7: AOB

D/Justice provided an update on a number of data protection cases currently before the Courts.

Arrangements for the next meeting of the Data Forum will be forwarded by the Secretariat in due course.

For minutes of previous meetings, please contact the Data Protection Team.

Attendance

Chair: Pat Breen T.D., Minister for State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection.

• Aisling McEvoy, SFI
• Ann Henry, Chairperson, Intellectual Property Committee, Law Society of Ireland
• Anne Marie Finlay, D/FA
• Anne Vaughan, Chair, National Statistics Board
• Ashling McEvoy, SFI
• Bill McFadden, Revenue Commissioners
• Caitríona Bracken, D/EASP
• Catherine Slowey, IDA
• Ciaran Conlon, Director of Public Policy, Ireland, Microsoft
• Colin Rooney, Partner, Technology and Innovation Group, Arthur Cox
• David Fennelly, Barrister, Law Library
• Donal Flavin, IDA Ireland
• Eammon Balmer, D/BEI
• Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin
• John Dooley, D/BEI
• John O’Connor, Chair Irish Branch of the Society for Computers and Law.
• Karen White, Director Public Policy, Europe, Twitter
• Mairead McCabe, D/CCAE
• Martyn Farrows, COO, SoapBox Labs
• Nessa McKevitt, D/FA
• Ryan Meade, Google
• Seamus Carroll, Head of Civil Law Reform Division,
• Barry Vaughan, Department of the Taoiseach
• Sean Hurley, Department of the Taoiseach
• Aedan Hall, Department of the Taoiseach
• Sarah Garry, Department of the Taoiseach

Meeting Note

The Chair welcomed Anne Marie Finlay and Nessa McKevitt who joined the group from Brussels for the item on the Future of the Digital Single Market.

The minutes of the meeting of 21 November 2018 were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

1. Digital Summit 2019

D/Taoiseach gave an update on the draft programme and preparations to date for the Digital Summit 2019, previously the Data Summit, which is scheduled to take place on Friday 20 September in the Convention Centre.

2. Future of the Digital Single Market (DSM)

D/FAT gave an overview of the DSM and a possible future agenda for it. Many member-states are of the view that it had, to date, provided a regulatory framework and now it was important to move onto an implementation phase where digital was not seen as a sectoral issue. Other topics of note were how to secure sufficient investment for vital digital technologies and how to open up data.

3. Leading on Ethical Data Research

The Chair invited Catherine Slowey of the IDA and Ashling McEvoy from SFI to give an overview of area and the potential for Ireland. Both bodies had jointly sponsored seminars in this area at which multinationals were linked up with leading research centres. It is hoped to launch an exploratory project and SMEs would have the opportunity to participate

4. GDPR and related developments

D/Justice provided an update on the GDPR, which has now been in force for almost nine months. Discussions focussed on a number of issues including the impact of regulations made under the Act, numbers of complaints to date and the level of resources required by the Data Protection Commission to fulfil its supervisory role.

Members of the Forum enquired about the rationale for the health research regulations being based around explicit consent. The Chair requested that D/Health attend the next Data Forum meeting so that the issue could be discussed in a more comprehensive fashion.

5. Brexit and Data Flows

D/Taoiseach gave an overview of preparations by the Government to address a possible no-deal Brexit. Discussions focussed on preparations made by Government and private sector preparation for post-Brexit and, in particular, in a ‘no-deal’ data transfers.

The Chair opened the meeting by noting the sad passing of Forum member, Derek Finnerty. He expressed the sympathies of the Data Forum members and noted the Forum’s gratitude for Derek’s contribution.

The Chair welcomed Stephanie Anderson from Facebook to the group and thanked her predecessor Niamh Sweeney for her contribution to the Forum and in particular for her help in organising the Data Summit.

The Chair welcomed Tríona Quill and Richard Browne from DCCAE for the items on the Regulation of Harmful Online Content and National Cyber Security Strategy. The Chair also welcomed Teresa Maguire and Peter Lennon of the Department of Health for the item on the Health Research Regulations 2018.

1. Minutes of meeting of 6th March, 2019

The minutes of the meeting of 6 March 2019 were approved and it was agreed that these would be published on the Department of the Taoiseach’s website.

2. National Cyber Security Strategy

The Chair invited Richard Browne of the Internet Policy Division, DCCAE to give an update on the Strategy.

Preparatory work on the Strategy has been ongoing for a number of months, the consultation process concluded on 1st May 2019 and the responses are currently being analysed. A memo on the Strategy is also expected to be brought to Government in July.

The Strategy has three key themes. These are

1. Protect - enquiring about measures necessary to protect critical national infrastructure and taking account of likely future developments;

2. Develop - questioning how to support the development of Cyber Security Skills and the development of best practice including standards;

3. Engage – reaching out internationally to ensure the good governance of the internet as it pertains to cyber-security.

This presentation was followed by a discussion on how to ensure appropriate skills are developed and the ongoing work undertaken by the universities in the State to introduce courses addressing these skills.

3. Regulation of Harmful Online Content

The Chair invited Tríona Quill of the Broadcasting and Media Division, DCCAE to give an update on the recently completed public consultation and the issues arising.

Key themes which arose from the 84 submissions include identifying the services in scope, defining what content is harmful, the appropriate way to manage such content and the optimal structures to do this. DCCAE are currently preparing a response to the submissions and will update the government in June. The Minister of Communications, Climate Action and Environment will then decide the next steps.

DCCAE thanked the forum members for their feedback received during the consultation.

4. Health Research Regulations 2018

The Chair invited D/Health officials to give an overview of Regulations and the reasoning for the requirement for explicit consent of the data subject as a suitable and specific safeguard. They detailed their rationale and the establishment of the Health Research Consent Declaration Committee. This body may allow research in the event that obtaining explicit consent is not possible and where the public interest of doing the research significantly outweighs the need for such consent.

In discussion, Forum members queried the extent upon which explicit consent was being relied. They welcomed the extension of the deadline by which ongoing research would have to have obtained explicit consent or a consent declaration exemption.

5. Digital Summit 2019

D/Taoiseach gave an update on the draft programme and preparations to date for the Digital Summit 2019, which is scheduled to take place on Friday 20 September in the Convention Centre. The Chair thanked the members for their contribution to developing the programme to date and noted that they would be apprised of further developments.

6. GDPR update

The Chair noted that the first anniversary of GDPR took place the previous Saturday. He also informed the Forum of the reappointment by Government of Helen Dixon as head of the Data Protection Commission for a new five-year term.

D/Justice provided an update on the GDPR and its impact over the last year.

D/Taoiseach noted that Government was preparing to intensify its preparations for a no-deal Brexit outcome.

7. AOB

Arrangements for the next meeting of the Data Forum will be forwarded by the Secretariat in due course.

Attendance

Chair: Pat Breen T.D., Minister for State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection.

• Ann Henry, Chairperson, Intellectual Property Committee, Law Society of Ireland
• Anne Rooney, Google
• Barry Lowry, Government CIO, Department of Public Expenditure and Reform
• Barry Vaughan, Department of the Taoiseach
• Caitriona Bracken, D/EASP
• Denis Kelleher, LinkedIn
• Donal Flavin, IDA Ireland
• Eamonn Balmer, D/BEI
• Eoin O’Dell, Associate Professor, School of Law, Trinity College Dublin
• Harry McCann, Founder and Committee Member, Digital Youth Council
• John Dooley, D/BEI
• Karen White, Director, Public Policy, Europe, Twitter
• Lisa O'Connor, Department of the Taoiseach
• Dr. Martyn Farrows, COO, Soapbox Labs
• Peter Lennon, D/Health
• Richard Browne, D/CCAE
• Rob Corbet, Partner, Head of Technology and Innovation Arthur Cox
• Sam Sharps, Apple
• Sarah Garry, Department of the Taoiseach
• Seamus Carroll, Head of Civil Law Reform Division
• Stephanie Anderson, Facebook
• Teresa Maguire, D/Health
• Triona Quill, D/CCAE