The Irish Times

Data: The Data Protection Commission (DPC) has rejected claims it is deliberate­ly refusing to regulate big tech firms, or that it is incapable of doing so:

Commission has a poor understand­ing of the GDPR, Oireachtas committee told Data Protection Commission­er Dixon says criticism is unfounded

- CHARLIE TAYLOR

The Data Protection Commission (DPC) has rejected claims it is deliberate­ly refusing to regulate big tech companies, or that it is incapable of doing so.

Speaking before an Oireachtas Joint Committee on Justice, Commission­er Helen Dixon defended the work of the DPC as critics, including Austrian privacy campaigner Max Schrems, called for the organisati­on to be urgently reformed.

Ms Dixon rejected charges made by other speakers during the session – which focused on the General Data Protection Regulation (GDPR) – saying much of it was unfounded.

“Issues relating to the enforcemen­t of the regulation by my office have attracted, and continue to attract, particular and trenchant criticism, much of it directed to the idea that, as an emanation of the Irish State, the DPC is deliberate­ly refusing to regulate – or has deliberate­ly been constitute­d so as to be incapable of it,” Ms Dixon said.

With most of the big tech companies such as Google and Facebook having located their European headquarte­rs in Dublin, the DPC has become a de-facto regulator for their pan-European data activities. However, there have been widespread complaints about delays by the DPC in reaching decisions in investigat­ions.

Ms Dixon criticised both a “superficia­l skimming of the surface” on major issues and “exaggerati­on” by some critics.

She also rebutted criticism regarding the time taken to reach decisions.

“No two cases are the same. At this point in time, a little under three years into the applicatio­n of the regulation, there is as yet little establishe­d case law to guide these evaluation­s and so each review requires first-principles analysis,” she said.

“The complexiti­es of the decision-making involved in the ‘one stop shop’, which multinatio­nals may avail of under the GDPR, means that the pace of delivery is not solely within the domain of the DPC,” Ms Dixon added.

Her comments came as Mr Schrems, who is involved in an ongoing complaint against Facebook’s user data policies, said the DPC “has an extremely poor understand­ing of the material law provisions of GDPR” and, “makes about every procedural mistake you can think of”.

Mr Schrems said that instead of enforcemen­t, “the DPC takes an approach of ‘micro debating’ complaints and ‘negotiatin­g’ compliance with the law instead of enforcing it.”

He said this makes companies even more reluctant to comply, creating what he said was a “spiral of unresolved complaints”.

Reform

Mr Schrems called for the two vacant seats of the commission to be filled by respected experts to improve the quality of decisions. He also urged reform of the DPC’s procedures and the reallocati­on of GDPR fines to ensure it can litigate its cases.

The privacy campaigner noted the high number of complaints that do not reach decision stage, something also noted by Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties. Mr Ryan told the committee the DPC has failed to resolve 98 per cent of cases important enough to be of concern across the EU, and therefore needs to be urgently reformed.

Mr Ryan referred to a “chorus of criticism” against the DPC across Europe with many other jurisdicti­ons circumvent­ing it where possible.

“We have to restore Ireland’s reputation as a regulatory leader,” he said, urging reform.

Also appearing at the session was Fred Logue, a solicitor and data-protection expert. He expressed concern that “inordinate delays” in processing complaints allow controller­s to neutralise them. He also said he believed that understand­ing of the GDPR was “poorly understood” within DPC.

“The eyes of Europe are upon us and so it is important that problems with the DPC are resolved,” Mr Logue said.

The GDPR, which came into effect in May 2018, gives regulators powers to fine companies up to 4 per cent of their global turnover of the previous year or ¤20 million, whichever is greater, for violating the law.

Ms Dixon said the DPC recognises that improvemen­ts have to be made and that processes need to be streamline­d and speeded up. But she added the difficulty it faces is that it has “an enormous range of stakeholde­rs”.

‘‘ Helen Dixon criticised a ‘superficia­l skimming of the surface’ on major issues

 ??  ??

Newspapers in English

Newspapers from Ireland