Spring Legislative Programme 2024: Data Bills Coming in from the Cold?

The recent publication of the 2024 Spring Legislative Programme for 2024 sees the return of some familiar bills in the area of data protection and data security. Legislation, both at the national and EU level, may seem to be coming thick and fast for organisations required to remain abreast of their obligations, however for three important bills progress is mixed:

There remain a number of other important pieces of legislation in the legislative programme, particularly around access to and retention of data for crime and security purposes. These include:

• Garda Síochána (Powers) Bill: Codification of police powers of search, arrest and detention and procedural rights of suspects through modernising those powers to take into account developments in modern technology. 
• Garda Síochána (Recording Devices) (Amendment) Bill: Provision for retrospective searching of images, which are in the possession of An Garda Síochána using facial recognition technology (FRT) and in relation to specific serious offences, which are subject to a penalty on conviction of up to life imprisonment.
• Communications (Retention of Data) Bill: Will replace the Communications (Retention of Data) Act 2011 to reflect advances in technology and consolidate the law on retention of and access to data for national security and prevention of crime purposes.
• Interception of Postal Packets and Telecommunications Messages (Regulation) (Amendment) Bill: Will amend various pieces of legislation in respect of electronic communications.
• Criminal Justice (Protection, Preservation of and Access to Data on Information Systems) Bill: Gives effect to a number of the provisions of the Budapest Convention on Cybercrime. 

Rounding it off, the Health Information Bill also features. The purpose of this bill is the provision of a robust legislative framework for the processing of health information to support a modern integrated health service, and it will, when enacted, significantly impact information governance in the health sector. 

While data protection, data security and information governance more broadly constitute a significant part of the government’s legislative programme, careful monitoring is needed to know when obligations on organisations will change. It remains to be seen whether these Bills will blossom in Spring.

For more information on any of the bills outlined above, or for general legal advice on data protection, contact Seán O’Donnell or John Anthony Devlin from the ByrneWallace LLP Data Privacy and Data Protection team.