Ireland’s data law enforcement criticised as EU becomes ‘laughing stock’

European Commission unveils new strategy to tip data balance away from US tech giants

Privacy activist Max Schrems: ‘We put these laws forward... but the reality is it’s not enforced.’ Photograph: Nick Bradshaw

Ireland’s enforcement of EU data protection laws has been sharply criticised as the European Commission prepares to unveil a strategy to ease the use of big data for innovation and tip the balance of power away from big tech.

The commission is set to propose new rules that would make it easier to use the large volumes of impersonal data generated by the use of technology for productive ends, such as making new discoveries in healthcare by studying population-level patterns, improving mobility and tackling climate change.

But such new rules would be meaningless without enforcement, the privacy activist Max Schrems warned in a joint event discussing the plan with internal markets commissioner Thierry Breton, at which the Austrian campaigner slammed the record of Ireland’s Data Protection Commission (DPC).

“One thing that we see a lot with the GDPR, we put these laws forward, we’re very proud that we’re the masters of fundamental rights and privacy in the world, but the reality is it’s not enforced,” Mr Schrems said at the event hosted by think tank Bruegel.

Right to privacy

“The main regulator in Europe is Ireland. Right now you have the right to privacy under GDPR, but if you want to enforce that in Ireland, statistically only one in a hundred complaints is even looked at. It’s a bit like having a right to vote and only one in a hundred times your vote is actually looked at – you don’t really have a right to vote.”

“We became a bit of a laughing stock,” Mr Schrems added. “That’s a member states enforcement issue.”

The DPC hit back at the accusations, saying it expected to see a final decision within weeks on the agency’s first case against a US tech multinational – Twitter – in response to a privacy breach the company disclosed in 2019.

“The Irish DPC has received more than 15,000 complaints since the GDPR was introduced in 2018, and 80 per cent of these have been concluded to date,” deputy commissioner Graham Doyle said.

Ireland’s Data Protection Commission has often been accused of being too soft on the US tech companies headquartered in Ireland, which it effectively polices for data law compliance on behalf of the EU. Earlier this year, the European Commission warned it could take action against Ireland if it failed to beef up the agency, after a review found it was woefully under-resourced to take on the might of big tech.

Conditional

The commission has indicated it may make access to the single market for global tech giants conditional on making the data their products generate accessible for others to use, as the executive believes data is a future growth industry.

“We have been brave enough to set our rules in the personal data sphere and this is what we need to do now for government and public and industrial data. Set the rules. The European rules,” Mr Breton said on Tuesday.

“Everyone will be welcome in Europe, that’s extremely important. Provided they respect our rules,” he added. “We don’t have one minute to lose... The battle for industrial data is starting now, and the battlefield may be Europe, so we need to get ready.”