Data sharing and governance act 2019
Act Number | 5 |
Enactment Date | 04 March 2019 |
| ||
| ||
Number 5 of 2019 | ||
| ||
DATA SHARING AND GOVERNANCE ACT 2019 | ||
| ||
CONTENTS | ||
PART 1 | ||
Preliminary and General | ||
1. Short title and commencement | ||
2. Definitions | ||
3. Regulations and Orders | ||
4. Expenses | ||
PART 2 | ||
Application of Act | ||
5. Application of Act to special categories of personal data | ||
6. Interaction with Data Protection Acts and General Data Protection Regulation | ||
7. Interaction with Social Welfare Consolidation Act 2005 | ||
8. Interaction with other enactments | ||
9. Data-sharing: meaning | ||
10. Public body: meaning | ||
11. Deceased persons | ||
12. Exclusions | ||
PART 3 | ||
Regulation of Data-sharing | ||
13. Data-sharing: requirements | ||
14. Directions | ||
PART 4 | ||
Data-sharing Agreements | ||
15. Application (Part 4) | ||
16. Obligation to enter into data-sharing agreement | ||
17. Formal requirements | ||
18. Accession to data-sharing agreement | ||
19. Content of data-sharing agreement | ||
20. Review of operation of data-sharing agreement | ||
21. Lead agency | ||
22. Cessation | ||
PART 5 | ||
Public service information | ||
23. Definitions (Part 5) | ||
24. Application (Part 5) | ||
25. Administration of Single Public Service Pension Scheme | ||
26. Administration of pre-existing public service pension schemes | ||
27. Public service policy analysis | ||
28. Information requests | ||
29. Data protection impact assessment | ||
30. Anonymisation | ||
31. Pension scheme information systems | ||
32. Transparency | ||
PART 6 | ||
Business Information | ||
33. Definitions (Part 6) | ||
34. Application (Part 6) | ||
35. Allocation of unique business identifier number | ||
36. Disclosure of business information | ||
PART 7 | ||
Base Registries | ||
37. Designation of base registry | ||
38. Base registry owner | ||
39. Processing of information | ||
40. Terms of service | ||
41. Access to information | ||
42. Obligation to use base registry | ||
PART 8 | ||
Personal Data Access Portal | ||
43. Application (Part 8) | ||
44. Establishment of personal data access portal | ||
PART 9 | ||
Data Governance | ||
Chapter 1 | ||
Data Governance Board | ||
45. Appointment of Board | ||
46. Functions of Board | ||
47. Membership of Board and related matters | ||
48. Committees | ||
49. Disqualification from membership of Board | ||
50. Resignation from membership | ||
51. Casual vacancies | ||
52. Reporting | ||
Chapter 2 | ||
Review of Data Sharing Agreements | ||
53. Definitions (Chapter 2) | ||
54. Exclusions (Chapter 2) | ||
55. Public consultation | ||
56. Submission of documentation and information to Board | ||
57. Review of data-sharing agreement | ||
58. Amendments following review | ||
59. Execution of agreement | ||
60. Publication | ||
61. Effective date of agreement | ||
62. Time periods and documentation | ||
Chapter 3 | ||
Governance | ||
63. Application (Chapter 3) | ||
64. Rules, procedures and standards | ||
65. Guidelines | ||
66. Model agreements | ||
67. Publication of regulations and guidelines | ||
68. Compliance report | ||
PART 10 | ||
Miscellaneous | ||
69. Prohibition on requests for certain documents | ||
70. Specification of information | ||
71. Provision of information on data-sharing | ||
72. Amendment of Act of 1997 | ||
73. Amendment of Ministers and Secretaries (Amendment) Act 2011 | ||
74. Amendment of Social Welfare Consolidation Act 2005 | ||
75. Amendment of National Shared Services Office Act 2017 | ||
SCHEDULE | ||
Bodies to which definition of “public body” does not apply | ||
| ||
Acts Referred to | ||
Civil Partnership and Certain Rights and Obligations of Cohabitants Act 2010 (No. 24) | ||
Civil Registration Act 2004 (No. 3) | ||
Civil Service Regulation Act 1956 (No. 46) | ||
Communications Regulation (Postal Services) Act 2011 (No. 21) | ||
Companies Act 2014 (No. 38) | ||
Comptroller and Auditor General Acts 1866 to 1998 | ||
Copyright and Related Rights Act 2000 (No. 28) | ||
Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (No. 6) | ||
Criminal Justice (Terrorist Offences) Act 2005 (No. 2) | ||
Criminal Law Act 1976 (No. 32) | ||
Data Protection Act 2018 (No. 7) | ||
Data Protection Acts 1988 to 2018 | ||
Education Act 1998 (No. 51) | ||
Education and Training Boards Act 2013 (No. 11) | ||
Electronic Commerce Act 2000 (No. 27) | ||
Employment Equality Act 1998 (No. 21) | ||
European Parliament Elections Act 1997 (No. 2) | ||
Family Law (Divorce) Act 1996 (No. 33) | ||
Family Law Act 1995 (No. 26) | ||
Interpretation Act 2005 (No. 23) | ||
Irish Human Rights and Equality Commission Act 2014 (No. 25) | ||
Local Government Act 2001 (No. 37) | ||
Ministers and Secretaries (Amendment) Act 2011 (No. 10) | ||
National Shared Services Office Act 2017 (No. 26) | ||
Offences against the State Acts 1939 to 1998 | ||
Public Service Pay and Pensions Act 2017 (No. 34) | ||
Public Service Pensions (Single Scheme and Other Provisions) Act 2012 (No. 37) | ||
Public Service Superannuation (Miscellaneous Provisions) Act 2004 (No. 7) | ||
Statistics Act 1993 (No. 21) | ||
Taxes Consolidation Act 1997 (No. 39) | ||
Vital Statistics and Births, Deaths and Marriages Registration Act 1952 (No. 8) | ||
| ||
| ||
Number 5 of 2019 | ||
| ||
DATA SHARING AND GOVERNANCE ACT 2019 | ||
| ||
An Act to provide for the regulation of the sharing of information, including personal data, between public bodies; to provide for the regulation of the management of information by public bodies; to provide for the establishment of base registries; to provide for the collection of public service information; to establish the Data Governance Board; to amend the Taxes Consolidation Act 1997 ; to amend the Social Welfare Consolidation Act 2005 ; to amend the Ministers and Secretaries (Amendment) Act 2011 ; to amend the National Shared Services Office Act 2017 ; and to provide for related matters. | ||
[4th March, 2019] | ||
Be it enacted by the Oireachtas as follows: | ||
PART 1 Preliminary and General | ||
Short title and commencement |
||
1. (1) This Act may be cited as the Data Sharing and Governance Act 2019. | ||
(2) This Act shall come into operation on such day or days as the Minister may by order or orders appoint either generally or with reference to any particular purpose or provision and different days may be so appointed for different purposes or different provisions. |
||
Definitions |
||
2. In this Act— | ||
“Act of 1997” means the Taxes Consolidation Act 1997 ; |
||
“Act of 2005” means the Social Welfare Consolidation Act 2005 ; |
||
“Act of 2014” means the Companies Act 2014 ; |
||
“base registry” means a database which is designated as such in an order made under section 37 (1); |
||
“base registry owner” means a public body specified as such in respect of a base registry in an order made under section 37 (1); |
||
“Board” has the meaning assigned to it by section 45 (1); |
||
“company” means a company formed and registered under the Act of 2014 or an existing company within the meaning of that Act; |
||
“controller” has the same meaning as it has in the General Data Protection Regulation; |
||
“data protection impact assessment” means an assessment carried out for the purposes of Article 35 of the General Data Protection Regulation; |
||
“data protection law” means— |
||
(a) the Data Protection Acts 1988 to 2018, |
||
(b) the General Data Protection Regulation, |
||
(c) all law of the State giving further effect to the General Data Protection Regulation, and |
||
(d) all law of the State giving effect or further effect to Directive 2016/680; |
||
“data protection officer” in respect of a public body, means the person designated in accordance with Article 37 of the General Data Protection Regulation; |
||
“data-sharing” shall be construed in accordance with section 9 ; |
||
“data-sharing agreement” means an agreement between two or more public bodies which provides for the disclosure of information by one or more of the parties to the agreement to one or more of the other parties to the agreement; |
||
“data subject” has the same meaning as it has in the General Data Protection Regulation; |
||
“database” has the same meaning as it has in the Copyright and Related Rights Act 2000 ; |
||
“Directive 2016/680” means Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA1 ; |
||
“enactment” has the same meaning as it has in the Interpretation Act 2005 ; |
||
“General Data Protection Regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC2 ; |
||
“information” includes data; |
||
“information system” has the same meaning as it has in the Electronic Commerce Act 2000 ; |
||
“lead agency” has the meaning assigned to it by section 21 ; |
||
“Minister” means the Minister for Public Expenditure and Reform; |
||
“personal data” has the same meaning as it has in the General Data Protection Regulation; |
||
“prescribed” means prescribed by regulations made by the Minister under section 3 (1); |
||
“processing” has the same meaning as it has in the General Data Protection Regulation; |
||
“public body” shall be construed in accordance with section 10 ; |
||
“public service pension scheme” has the same meaning as it has in Part 4 of the Public Service Pay and Pensions Act 2017 ; |
||
“special categories of personal data” means information referred to in Article 9(1) of the General Data Protection Regulation. |
||
Regulations and Orders |
||
3. (1) The Minister may by regulations provide for any matter referred to in this Act as prescribed or to be prescribed. | ||
(2) Without prejudice to any provision of this Act, regulations under this section may contain such incidental, supplementary and consequential provisions as appear to the Minister to be necessary or expedient for the purposes of the... |
To continue reading
Request your trial