Ireland needs to appoint two more Data Protection Commissioners to address a massive backlog in GDPR complaints.
The Irish Council of Civil Liberties (ICCL) has today published a report warning that Ireland has become ‘Europe’s Wild West’ in terms of data protection.
It warns that Europe’s enforcement of GDPR regulations against big tech companies is “paralysed" by Ireland’s failure to deliver draft decisions on major cross-border cases.”
Because international companies like Google, Facebook, Apple, and Microsoft have their European headquarters here, Ireland Data Protection Commissioner (DPC) is the lead EU regulator responsible for ensuring they follow the law.
The DPC has come in for heavy criticism for its failure to act on major cases since GDPR was enacted and today's ICCL report finds that 98% of the 'cases of European significance' that have been referred to the DPC remain unresolved.
It notes that, because other enforcers around Europe have no authority over the tech companies headquartered in Ireland, they “remain effectively out of the reach of the law.”
On The Pat Kenny Show this morning, the author of the report, ICCL Senior Fellow Dr Johnny Ryan said the situation was “paralysing” the enforcement of privacy regulations around Europe.
“In three years since GDPR was brought in, there have been 164 cases where Ireland had responsibility to come up with a draft decision and share it with European counterparts,” he said.
“In those three years, our enforcer, the DPC produced four – now that is 2%
“The rest of Europe is waiting for 98% of our caseload and that means that, unfortunately, at the moment, there is a paralysis in this GDPR.
“Let me just say a word about the GDPR. It probably is in people’s minds is a nuisance but actually, we all know there is a problem online and GDPR is there to protect us.”
Dr Ryan said he personally made a GDPR complaint to the DPC three years about online advertising practices which, he insisted, highlighted the “biggest data breach ever recorded.”
He said it took the DPC 11 months to announce an investigation and now, more than 1,000 days after the complaint was made, the enforcer has yet to produce a statement of issues describing what it plans to investigate.
“Now that is just one case, and we are talking about 160 cases.
“Ultimately what we are talking about here is a wild west online. There is this feeling that people are clicking away and they don’t know what is happening, but it is not our job as citizens to actually care. It is the enforcer’s job to protect us.”
He said the ICCL is calling for Ireland to hire two additional Data Protection Commissioners to tackle the caseload backlog.
“What we are very keen to see is that the DPC is strengthened and reformed,” he said. “That is absolutely essential. Now very luckily, on June 22nd the Oireachtas Justice Committee published a report on exactly this and called for exactly the same things we have been calling for.
“First Government needs to launch an independent review of the DPC to determine how to strengthen and reform it and second the minister needs to use her power to appoint two additional Data Protection Commissioners.
“The caseload needs to be addressed. We need three people at the top.”
You can listen back here: