Your feedback can help us improve and enhance our services to the public. Tell us what matters to you in our online Customer Satisfaction Survey.
List of abbreviations
Definitions of Terms
Establishment of the Parties
The Role of the Parties
Context and Background
Purpose of the Memorandum of Understanding
Responsibilities of Each Party
Legal Background
Data Transfer, Security, and Storage
Joint Liaison Group
Duration and Review of the Memorandum of Understanding
This Memorandum of Understanding is made on 21st December 2023 between The Central Statistics Office (CSO), Skehard Road, Cork, T12 X00E and The Department of Children, Equality, Disability, Integration, and Youth (DCEDIY), Block 1, Miesian Plaza, 50-58 Lower Baggot Street, Dublin 2, D02 XWI4
| ADC | Administrative Data Centre |
| AEYSP | Annual Early Years Sector Profile |
| BOTP | Beneficiaries of Temporary Protection |
| CSO | Central Statistics Office |
| DCEDIY | Department of Children, Equality, Disability, Integration and Youth |
| DPO | Data Protection Officer |
| ECCE | Early Childhood Care & Education |
| JLG | Joint Liaison Group |
| MoU | Memorandum of Understanding |
| NCS-EYP | National Childcare Scheme - Early Years Platform |
| “Act” | The Statistics Act, 1993 |
| “2018 Act” | The Data Protection Act, 2018 |
| “Breach” |
Has the meaning assigned by Article 4(12) of the General Data Protection Regulation (GDPR) |
| “Controller” | Has the meaning assigned by Article 4(7) of the GDPR. |
| “Data” | Departmental Data, held by the CSO, as received from the DCEDIY and Pobal |
| “Personal Data” | Has the meaning assigned by Article 4(1) of the GDPR |
| “Processing” | Has the meaning assigned by Article 4(2) of the GDPR |
The CSO was established in 1949 and became a statutory body in 1994, under the Statistics Act, 1993 (the ‘Act’).
The DCEDIY is a Department of the Government of Ireland.
The functions of the CSO are set out in the Act. In particular Section 10 states that the functions of the Office are the collection, compilation, extraction, and dissemination for statistical purposes of information relating to economic, social, and general activities and conditions in the State. The CSO has the authority to co-ordinate official statistics compiled by public authorities to ensure, in particular, adherence to statistical standards and the use of appropriate classifications and has the authority to assess the statistical potential of the records maintained by public authorities and to ensure that the potential is realised. Furthermore, the Office has legal obligations regarding the development, production, and dissemination of European statistics under Regulation. 223/2009.
The DCEDIY deals with policy and service developments relating to a number of very important groups in society. It seeks to co-ordinate and develop key actions across Government relating to children and young people. It also works on issues relating to some of our most vulnerable groups, including children at risk, children in the care of the State, and other vulnerable, minority, and disadvantaged groups. It emphasises inclusivity and support in the area of equality. It is responsible for international protection accommodation for those seeking asylum in Ireland and for disability services. The Department also deals with a range of important legacy issues from Ireland’s past. Finally, it deals with a large range of issues that are universal to society, including early learning and are for children, prevention and early intervention services, and support and advice for parents.
The DCEDIY has appointed Pobal as the Scheme Administrator for the Annual Early Years Sector Profile (AEYSP), Early Childhood Care & Education (ECCE), and National Childcare Early Years Platform (NCS-EYP) schemes. Pobal, a company limited by guarantee with the registration number 194360, was established in 1992 by the Government of Ireland.
The DCEDIY is also controller for personal data processed in connection with the provision of accommodation to Beneficiaries of Temporary Protection (BOTP) as a result of the Ukraine crisis. This data is currently held on the Department’s ePASS database.
Section 30 of the Act provides that for the purpose of assisting the Office in the exercise of its functions, the Director General of the CSO may by delivery of a notice request any public authority to provide the Office with copies of records in its charge.
Public authorities shall comply with any such request free of charge.
The purpose of this MoU is to clarify the roles and responsibilities of, as well as the areas of cooperation between, the CSO and the DCEDIY with regard to AEYSP, ECCE, NCS-EYP, and BOTP Accommodation Data (the ‘Data’).
This agreement is a MoU and is not intended to create binding or legal obligations on either Party. The MoU is entered into on the understanding that it is subordinate to the relevant legislation, set out below under ‘Legal Background’, governing each Party.
This MoU also sets out a shared understanding of the parties in relation to data protection issues that may arise and roles relating to the compilation, transfer and use of this data. The processing of personal data of data subjects is governed by the Act, and the Data Protection Act 2018 (the ‘2018 Act’) ‘and the GDPR.
The controller for personal data is the DCEDIY. When the Data is transferred to the CSO, the CSO becomes the controller for the data file that it holds. The DCEDIY remains the controller for the data file that it holds. It follows then that it is the responsibility of the CSO to report any Breach relating to the data it holds.
In the event of a Breach relating to BOTP Accommodation Data, the CSO will inform the Data Protection Officer (DPO) of the DCEDIY. In the event of a breach relating to AEYSP, ECCE, or NCS-EYP Data, the CSO will inform the DCEDIY and Pobal DPOs. In such cases, the CSO will also inform the DCEDIY (and Pobal, as appropriate) via the Joint Liaison Group (JLG). Such notifications will be made within 24 hours. In addition, the CSO will also refer to its own breach procedures. The DCEDIY (and Pobal) will not be held responsible for any loss, damage or injury caused as a result of such a breach.
In the event of a Breach relating to the Data, the CSO will inform the DCEDIY (and Pobal, as appropriate) through the JLG, in advance, of any decision to issue a public statement in relation to the breach. Similarly, the DCEDIY (and Pobal, as appropriate) will inform the CSO through the JLG, in advance, of any decision to issue a public statement in relation to the breach.
The DCEDIY (and Pobal) will not provide additional data or operational support in respect of the notification of data subjects in the event of a breach relating to CSO data.
Transfer and processing of the Data shall be done in accordance with the Act, 2018 Act, GDPR, European Union law, and in accordance with the CSO’s Code of Practice, in particular its protocol on data matching where one or more datasets originate from outside of the CSO.
The transfer and processing of the data is covered by, inter alia, the following provisions:
It is envisaged that Pobal, on behalf of the DCEDIY, will supply one copy of the AEYSP, ECCE, and NCS-EYP Data on a monthly basis; however, this may change depending on statistical needs.
It is envisaged that the DCEDIY will supply one copy of the BOTP Accommodation Data on a monthly basis; however, this may change depending on statistical needs.
Data will be retained, securely stored, and processed by the CSO in accordance with CSO and Administrative Data Centre Data Policies.
Pobal, on behalf of the DCEDIY, and the DCEDIY itself will provide the CSO with the data in agreed formats. Information on data formats and delivery frequency shall be provided by Pobal and the DCEDIY in respect of the data files schedule. In accordance with CSO policies on the control of data the CSO will not copy this data onto removable media (including laptop computers) unless appropriate security provisions are in place (i.e., encryption and password access) and there is an agreed business need to do so, in which case the CSO will inform the DCEDIY and Pobal of such need via the JLG.
A DCEDIY-CSO Joint Liaison Group (JLG), to include Pobal, will be convened, in accordance with the CSO’s standard Data Governance Framework. The JLG will oversee the data sharing as agreed between the parties and summarised in this MoU.
The Terms of Reference (ToR) for the JLG will be agreed between the DCEDIY, Pobal and the CSO. The ToR will cover, amongst other things, membership of the JLG, frequency of meetings and scope of the JLG. Changes to the ToR must be jointly agreed by both parties.
This MoU will be published on the CSO website (www.cso.ie), the DCEDIY website (www.gov.ie), and the Pobal website (www.pobal.ie).
This MoU will remain in force until a new one is entered into or either the CSO or the DCEDIY revoke it. Depending on events, this MoU may be amended, subject to the mutual agreement of the DCEDIY and the CSO.
This MoU will be reviewed biennially by the both the DCEDIY and the CSO. Any changes to the MoU shall only be made with the mutual agreement of the DCEDIY and CSO.
| Signed | Signed |
|---|---|
| Padraig Dalton | Kevin McCarthy |
|
Central Statistics Office Pádraig Dalton Director General |
Department of Children, Equality, Disability, Integration, and Youth Kevin McCarthy Secretary General |
| Date: 21/12/2023 | Date: 09/01/2024 |