The Irish Times
Data regulator must be urgently reformed, claims civil liberties group
The Data Protection Commission (DPC) has failed to resolve 98 per cent of cases important enough to be of concern across the EU and needs to be urgently reformed, the Irish Council for Civil Liberties (ICCL) is to tell an Oireachtas committee today.
In an opening statement due to be made to TDs and Senators, Dr Johnny Ryan, a senior fellow at the ICCL, says the commission is the “bottleneck” of General Data Protection Regulation (GDPR) investigations of tech giants across the EU.
“In the three years since the GDPR was applied, the DPC asserted its lead role in 196 cases, but delivered decisions in only four,” he says.
“Systematic infringement of fundamental rights go unchecked by the DPC,” Dr Ryan adds.
In his opening statement, he reiterates his argument that the commission’s failure to uphold the rights of European citizens “creates economic and reputational risks for Ireland”.
Dr Ryan is among a number of speakers due to appear before the Oireachtas Joint Committee on Justice.
Also appearing is Austrian privacy campaigner Max Schrems, who will discuss, among other things, the GDPR. The legislation, which came into effect in May 2018, gives data regulators powers to fine companies up to 4 per cent of their global turnover of the previous year or ¤20 million, whichever is greater, for violating the law.
Mr Schrems will also be discussing his ongoing complaint against Facebook’s user data policies. He recently described Ireland’s approach to protecting EU citizens’ data as a “Kafkaesque” waste of Irish taxpayers’ money.
With most of the big tech companies such as Google and Facebook having located their European headquarters in Dublin, the DPC has become a de facto regulator for their pan-European data activities. However, there have been widespread complaints about delays by the commission in reaching decisions in investigations.
The ICCL in its opening statement urges the Government to intervene to ensure the State meets its GDPR obligations. It has called for the appointment of two additional data protection commissioners and to designate a chair. It also wants to see an independent review established on how to reform the commission.
Representatives from the commission are also expected to appear at the committee today, as will solicitor Fred Logue.