This is a short article I wrote for the BEERG (Brussels European Employee Relations Group) weekly newsletter on some interesting recent developments on data protection, particularly the criticisms of the Irish Data Protection Commission. Though unconnected, I had a short Twitter exchange with renowned privacy advocate, Max Schrems, on a related topic, a few days later.
In early December one of the five directors at Belgium’s Data Protection Authority (APD/GBA) resigned, citing the same concerns about a “lack of independence” at the authority which the EU Commission had raised several weeks earlier.
In November VRT (public-service broadcaster for the Flemish Community of Belgium) ran a story saying that the European Commission was commencing infringement proceeding against Belgium claiming that:
some members of the APD/GBA cannot currently be considered free from outside influence, as they either report to a management committee dependent on the Belgian government, have participated in government projects for the detection of COVID-19- contacts, or are a member of the Information Security Committee.
This week’s column first appeared on Broadsheet on Monday Oct 18th, the day before the government decided not to proceed with its original plan to lift most of the continuing Covid19 restrictions. I think ministers are making a mistake. They should have focused instead on (a) making life less burdensome for the vaccinated and (b) placing increased pressure on the 300,000 or so un-vaxxed to folks to get vaccinated ASAP. Though I accept full 100% coverage is impossible.
Getting more people to get their shots is what drives the Italian workplace Green Pass system (which I indirectly reference below). I recommend listening to this 17-minute Podcast on the Italian system. It is from my colleagues in BEERG/HRPA.
The idea that the way to stop folks breaking rules is to make more rules is akin to saying if two wrongs don’t make a right… let’s try three.
It is absurd to hear the government talk about not lifting restrictions only days after boasting about our being the Covid resilience world leader.
Yet that’s where we are. You cannot turn on a news show without hearing yet another minister preparing us for the October 22 re-opening not going ahead.
The Taoiseach took it a step further in yesterday’s Sunday Independent. There he hinted that the government had already decided to pause further reopening. As if to sugar coat this failure of policy, Martin sought to comfort us by saying:
“… we are not contemplating going backwards. The only issue facing us now is going forward”
If he is expecting the public to be grateful that we are not going back into lockdown, he will be disappointed.
The government is doing this the wrong way around.
This week’s Broadsheet column, which first appeared online on Sept 13th 2021, looked at the history of the no-confidence motion and concluded that while Minister Coveney and his Fine Gael colleagues had probably done enough to earn the dubious honour of having a no confidence motion tabled against him, it did not deserve to pass… just yet
Johnny Carson famously called Oscar night the time when Hollywood stars put aside their petty rivalries and brought out their major rivalries.
So it is with Motions of No Confidence. Oppositions set aside the boring business of holding ministers and governments to account to solely focus on scoring big political points.
Just like the Oscars, motions of confidence are about ritual and theatricality. This applies to both sides – opposition and government.
Opposition politicians who hope one day to become government ministers act outraged and appalled. Governments ministers, who were once opposition hopefuls, accuse their rivals of base cynicism and partisanship.
The script writes itself. Scroll back through no confidence debates of the past fifty years and you see the same formulaic lines pop up each time, just mouthed by different actors, few of Oscar winning standard.
This week’s column first appeared on Broadsheet.ie on Monday May 17th. I look at the massive ransomware attack on the HSE and the Dept of Health and remind us that experts have been warning for years that government is not taking cyber defence seriously enough.
We risk being the EU’s weakest link on cyber security despite our dependence on the digital economy.
Though I have related this Jeffrey Bernard anecdote here before, it still bears repeating. When Jeffrey Bernard was too “tired and emotional” to submit his weekly column to The Spectator, the editor would place an apologetic line explaining that there was no column that week as: “Jeffrey Bernard is unwell”.
There was also another one. It was longer, but less apologetic and appeared when the editor was feeling less charitable. It read: “Mr Bernard’s column does not appear this week as it remarkably resembles the one he wrote last week”.
Broadsheet’s editor could be forgiven for posting a similar renunciation here, as the discourse on the HSE cyber-attack I propose to put to you is effectively a re-statement of arguments and commentaries I’ve made many times over the past few years.
I have been warning about our failure to take national cyber-security seriously since late 2019. I highlighted it as a sub-plot in this column from Sept 2019 and then expanded on the problem in a column entitled: Pleading No Defence On Cyber Security.
I wrote this article for BEERG‘s weekly newsletter on Sept 23rd. The Newsletter goes to approx 1,000 senior HR professional across the EU and US.
I have been deeply involved in monitoring the development of the data privacy and protection issue since first working on the early legislative passage of the General Data Protection Regulation through the European Parliament and Council. This article features a link to an article I wrote for the EurActiv news-site in late 2012 on the complexity of GDPR’s employee data provisions.
I have added some extra paragraphs in this version that are pertinent to the Irish domestic situation and – not for the first time – I finish an article with my favourite LBJ saying/quote
This was the week when the stark reality of the Schrems II judgement became clear. When the rubber hit the road.
In last week’s BEERG Newsletter I portentously observed that the already complex position around Standard Contractual Clauses (SCCs) and other methods of transferring personal data to the US was about to become more complex. Little did we realise how quickly that would happen.
The Irish Data Protection Commission made a preliminary move to halt Facebook’s use of SCCs to cover the transfer of data from the EU to the US. Facebook has some 400m+ user in Europe. Facebook went to court.
Within days, the text of Facebook’s affidavit to the Irish High Court appeared online. Its contents fueled headline speculation in respected broadsheet newspapers and reputable media outlets that Facebook was threatening to quit the EU unless its concerns were addressed.
This column which looks (eventually) at Ireland’s ongoing political/policy neglect of data protection and cyber security and why the Defence Forces have a vital role to play in defending Ireland’s vital national infrastructure from cyber attacks. This column first appeared on Broadsheet.ie on July 20th 2020
Since I wrote my last Broadsheet column, An Taoiseach Michéal Martin has sacked a cabinet minister and reassigned three junior portfolios. According to his supporters this action, a mere 17 days after his first round of appointments, is proof of An Taoiseach’s cool decisiveness and a major rebuff to those who consider him a self-interested ditherer.
They may well be right, but either way his unplanned reshuffle does afford us the chance to look again at the choices made by An Taoiseach on June 27th and July 1st when he chose his team of senior and junior ministers.
Technically, of course, An Taoiseach did not choose most of them. Martin himself only got to name 5 cabinet and 8 junior ministers. 13 out of the 32 positions to be appointed. The rest, 6 Green and 13 Fine Gael were chosen by their respective party leaders and, we are told, beyond the allocation of portfolios, there was no consultation on the identities of any of those to be named.
So let’s look at some of those decisions. Actually, let’s not.
This column appeared on Broadsheet.ie on September 24th and looks at the current government’s ongoing issues with grasping the critical importance of data and data privacy to our continuing economic growth and development. While the governments response to the Data Protection Commissioner’s findings that it broke its own laws in expanding the scope of Personal Service Cards shows a cavalier attitude to data protection, the total inadequacy of the states response to real cyber-security threats is frightening. The State must immediately given the Defence Forces a lead role in building cyber security capacity and give it the resources right now, including the ability to recruit and train the next generation of cyber security experts.
Twenty years ago (last Sunday) the first ever episode of The West Wing premiered on US TV.
Though anyone who has ever served in government can confirm that The Thick of It or Yes, Minister are more realistic portrayals of life along the corridors of power, The West Wing still represents the ideal, the way we would like to think it is.
This is due, in part, to the excellent characterisations, but it is mainly down to the quality of writing. The dialogue not only fizzed, it was informed by actual policy debates.
There were prescient. Much of it is still cogent despite all that has happened in the intervening two decades.
I have written several times about the developing crisis in Irish Defence policy-making and the impact this is having on morale and retention in the Irish Defence Forces. In this Broadsheet post from June 11th, 2019, I suggest how swapping ministers of state might help in the short-term to start the process of addressing this crisis.
It takes a rare political talent to make the Irish defence brief controversial, yet the hapless Paul Kehoe appears to have somehow managed it.
Stories of declining morale, chronic low pay, skills shortages and personnel retention problems fill the airwaves, and still the crisis worsens. Defence force strength which should today stand at 9,500 has been hovering perilously below 8,500 for months.
The 9,500 figure is itself misleading. The 2000 Defence White Paper set the number at 10,500. The reduction in 2009 to 9,500 was only intended as a temporary measure, yet it has entered the political psyche as some fixed upper limit.
While very little of the blame for these crises attach personally to Kehoe, realpolitik dictates that the time has come for him to move on. Kehoe must go.
This is a brief overview of some data protection issues for business to watch out for in 2018. It first appeared in this week’s BEERG weekly newsletter under the heading: #GDPR – 132 Days to go… but there is a lot more ahead.
Note my GDPR countdown clock to the right (or below on Mobiles) of the screen
Derek Mooney writes: No one needs reminding that the General Data Protection Regulation, 2016/679 (GDPR) the EU’s new pan European data protection law comes into force on May 25 – in 132 days, or 94 business days, (from Jan 12) 2018 will be the year of data protection as everyone -regulatory authorities and individual organisations alike – struggles to get used to the new regime.
Will Data Protection Authorities and individual companies be able to source sufficiently experienced Data Protection Officers to oversee the new laws? And if having the GDPR come into effect in 2018 is not a sufficient strain, you can add the issue of what happens to data transfers to the UK post Brexit?