This is a short article I wrote for the BEERG (Brussels European Employee Relations Group) weekly newsletter on some interesting recent developments on data protection, particularly the criticisms of the Irish Data Protection Commission. Though unconnected, I had a short Twitter exchange with renowned privacy advocate, Max Schrems, on a related topic, a few days later.
In early December one of the five directors at Belgium’s Data Protection Authority (APD/GBA) resigned, citing the same concerns about a “lack of independence” at the authority which the EU Commission had raised several weeks earlier.
In November VRT (public-service broadcaster for the Flemish Community of Belgium) ran a story saying that the European Commission was commencing infringement proceeding against Belgium claiming that:
some members of the APD/GBA cannot currently be considered free from outside influence, as they either report to a management committee dependent on the Belgian government, have participated in government projects for the detection of COVID-19- contacts, or are a member of the Information Security Committee.
This week’s column first appeared on Broadsheet on Monday Oct 18th, the day before the government decided not to proceed with its original plan to lift most of the continuing Covid19 restrictions. I think ministers are making a mistake. They should have focused instead on (a) making life less burdensome for the vaccinated and (b) placing increased pressure on the 300,000 or so un-vaxxed to folks to get vaccinated ASAP. Though I accept full 100% coverage is impossible.
Getting more people to get their shots is what drives the Italian workplace Green Pass system (which I indirectly reference below). I recommend listening to this 17-minute Podcast on the Italian system. It is from my colleagues in BEERG/HRPA.
The idea that the way to stop folks breaking rules is to make more rules is akin to saying if two wrongs don’t make a right… let’s try three.
It is absurd to hear the government talk about not lifting restrictions only days after boasting about our being the Covid resilience world leader.
Yet that’s where we are. You cannot turn on a news show without hearing yet another minister preparing us for the October 22 re-opening not going ahead.
The Taoiseach took it a step further in yesterday’s Sunday Independent. There he hinted that the government had already decided to pause further reopening. As if to sugar coat this failure of policy, Martin sought to comfort us by saying:
“… we are not contemplating going backwards. The only issue facing us now is going forward”
If he is expecting the public to be grateful that we are not going back into lockdown, he will be disappointed.
The government is doing this the wrong way around.
This week’s column first appeared on Broadsheet.ie on Monday May 17th. I look at the massive ransomware attack on the HSE and the Dept of Health and remind us that experts have been warning for years that government is not taking cyber defence seriously enough.
We risk being the EU’s weakest link on cyber security despite our dependence on the digital economy.
Though I have related this Jeffrey Bernard anecdote here before, it still bears repeating. When Jeffrey Bernard was too “tired and emotional” to submit his weekly column to The Spectator, the editor would place an apologetic line explaining that there was no column that week as: “Jeffrey Bernard is unwell”.
There was also another one. It was longer, but less apologetic and appeared when the editor was feeling less charitable. It read: “Mr Bernard’s column does not appear this week as it remarkably resembles the one he wrote last week”.
Broadsheet’s editor could be forgiven for posting a similar renunciation here, as the discourse on the HSE cyber-attack I propose to put to you is effectively a re-statement of arguments and commentaries I’ve made many times over the past few years.
I have been warning about our failure to take national cyber-security seriously since late 2019. I highlighted it as a sub-plot in this column from Sept 2019 and then expanded on the problem in a column entitled: Pleading No Defence On Cyber Security.
This column which looks (eventually) at Ireland’s ongoing political/policy neglect of data protection and cyber security and why the Defence Forces have a vital role to play in defending Ireland’s vital national infrastructure from cyber attacks. This column first appeared on Broadsheet.ie on July 20th 2020
Since I wrote my last Broadsheet column, An Taoiseach Michéal Martin has sacked a cabinet minister and reassigned three junior portfolios. According to his supporters this action, a mere 17 days after his first round of appointments, is proof of An Taoiseach’s cool decisiveness and a major rebuff to those who consider him a self-interested ditherer.
They may well be right, but either way his unplanned reshuffle does afford us the chance to look again at the choices made by An Taoiseach on June 27th and July 1st when he chose his team of senior and junior ministers.
Technically, of course, An Taoiseach did not choose most of them. Martin himself only got to name 5 cabinet and 8 junior ministers. 13 out of the 32 positions to be appointed. The rest, 6 Green and 13 Fine Gael were chosen by their respective party leaders and, we are told, beyond the allocation of portfolios, there was no consultation on the identities of any of those to be named.
So let’s look at some of those decisions. Actually, let’s not.
This week’s Broadsheet.ie column revisits the issue of #CyberSecurity. In it I look at three specific aspects:
The gaps in Ireland’s cyber security strategy and
The critical role the Irish Defence Forces should play in delivering that strategy
The opportunity this presents for Ireland to be a centre of excellence within the EU on cybersecurity
Several times over the past few years I have written about the need for a mature and grown-up public debate on Irish security and defence policy.
It is why the recent initiative by the folks at Slándáil, headed by former Irish Army office, Dr Gerry Waldron is so welcome. Launched at the end of September, Slándáil has set itself the not unambitious task of generating and encourage such informed debate with a two-day policy forum/summit at DCU next February.
While the forum itself will look at a range of global and national factors from the implications of climate change to the future of the Defence Forces and of policing, much of the discussion will focus on contemporary cyber challenges, as Waldron explained in a recent interview with the Irish Times.
The pity is that this awareness of the cyber threat has not yet filtered through those with political responsibility for the defence agenda in government.
This column appeared on Broadsheet.ie on September 24th and looks at the current government’s ongoing issues with grasping the critical importance of data and data privacy to our continuing economic growth and development. While the governments response to the Data Protection Commissioner’s findings that it broke its own laws in expanding the scope of Personal Service Cards shows a cavalier attitude to data protection, the total inadequacy of the states response to real cyber-security threats is frightening. The State must immediately given the Defence Forces a lead role in building cyber security capacity and give it the resources right now, including the ability to recruit and train the next generation of cyber security experts.
Twenty years ago (last Sunday) the first ever episode of The West Wing premiered on US TV.
Though anyone who has ever served in government can confirm that The Thick of It or Yes, Minister are more realistic portrayals of life along the corridors of power, The West Wing still represents the ideal, the way we would like to think it is.
This is due, in part, to the excellent characterisations, but it is mainly down to the quality of writing. The dialogue not only fizzed, it was informed by actual policy debates.
There were prescient. Much of it is still cogent despite all that has happened in the intervening two decades.
This is a brief overview of some data protection issues for business to watch out for in 2018. It first appeared in this week’s BEERG weekly newsletter under the heading: #GDPR – 132 Days to go… but there is a lot more ahead.
Note my GDPR countdown clock to the right (or below on Mobiles) of the screen
Derek Mooney writes: No one needs reminding that the General Data Protection Regulation, 2016/679 (GDPR) the EU’s new pan European data protection law comes into force on May 25 – in 132 days, or 94 business days, (from Jan 12) 2018 will be the year of data protection as everyone -regulatory authorities and individual organisations alike – struggles to get used to the new regime.
Will Data Protection Authorities and individual companies be able to source sufficiently experienced Data Protection Officers to oversee the new laws? And if having the GDPR come into effect in 2018 is not a sufficient strain, you can add the issue of what happens to data transfers to the UK post Brexit?