Photo of Davinia Brennan

The Government has published its legislation programme for Spring 2021. The programme contains 32 bills for publication and prioritisation by the Government.

Key Bills of relevance to the data protection, commercial and technology sector include:

Bills expected to undergo pre-legislative scrutiny  

  • Online Safety and Media Regulation Bill – This Bill will provide for the establishment of a Media Commission (including an Online Safety Commissioner), the dissolution of the Broadcasting Authority of Ireland, a regulatory framework to tackle the spread of harmful online content, and implementation of the revised Audiovisual Media Services (AVMS) Directive 2018/1808. The heads of Bill were published on 9 January 2020, and 8 December 2020. Member States were due to implement the revised AVMS Directive in national law by 19 September 2020, so Ireland has missed this deadline.
  • Hate Crime Bill– This Bill will repeal the Prohibition of Incitement to Hatred Act 1989, to provide for new and aggravated offences, including an offence of incitement. The Heads of Bill are in preparation.


Continue Reading Government publishes Spring Legislative Programme

Photo of Davinia Brennan

The European Data Protection Board (EDPB) recently published new Guidelines to help businesses comply with their obligation to adopt a Data Protection by Design and by Default (DPbDD) approach when processing personal data.

Article 25 GDPR requires controllers to implement appropriate technical and organisational measures and safeguards that provide effective implementation of the data protection principles, and protect data subjects’ rights, by design and by default.  Article 25 prescribes both design and default elements that should be taken into account.

A controller must adopt a DPbDD approach at all stages of developing processing activities, including tenders, outsourcing, development, support, maintenance, testing, storage, deletion, etc.  The importance of complying with the DPbDD obligation is underlined by the fact that it is a factor for competent supervisory authorities to consider when  determining whether to impose an administrative fine and the level of that fine (Article 83(2)(d)).


Continue Reading EDPB publish new guidelines on data protection by design and by default