Data Protection Commission ‘acutely strained’ by big tech cases
Agency warns multinationals have ‘disproportionate resources’
Data Protection Commissioner Helen Dixon: warned that the DPC’s ability to operate effectively was affecting Ireland’s “credibility on the world stage” and that a well-resourced regulator was now a “national and immediate imperative”. Photograph: Conor McCabe Photography
The Data Protection Commission warned it was “acutely strained” as it grappled with cases involving giant multinational tech companies and rising complaints from members of the public.
The agency also said it faced an uphill battle as it investigated big technology firms who had access to “disproportionate resources” to fight their corner.
They said the commission was now frequently accused of lengthy delays in its investigations because they were limited in the amount of inquiries they could progress at any one time.
The warnings were contained in a stark pre-budget submission, where the agency pleaded for extra manpower, financing, and a “fit-for-purpose management and organisation structure”.
The record has been made public just as the European Court of Justice issued an opinion on Wednesday that privacy complaints could be taken against tech giants in any EU state, and not just Ireland.
The Data Protection Commissioner had warned its ability to operate effectively was affecting Ireland’s “credibility on the world stage” and that a well-resourced regulator was now a “national and immediate imperative”.
A copy of the submission – released under Freedom of Information – said: “The reason for this request is driven by need, as opposed to any sense of self-aggrandisement on the part of the DPC.”
It said the international reputation of Ireland was now frequently under attack because of perceived weaknesses in the agency.
“Ireland’s support of its regulator has frequently – and unfairly – been cited as evidence of an overall laxity and linked to a national approach to attracting foreign investment,” said the document.
It said while these views were inaccurate, there was a danger they were becoming a “dominant ideology” that Ireland would have to deal with.
In the budget, the Data Protection Commission ended up receiving just over half of the €4.16 million it had sought to bolster its resources. It was the second year in a row in which the DPC allocation fell far short of what was sought; in 2019, they were granted just €1.6 million of the €5.9 million they looked for.
The pre-budget submission said Ireland’s role as de-facto regulator for Europe had been “thrust upon [US]” because of the number of multinationals based here. “Regardless of whether Ireland’s regulatory importance is considered a benefit or not, the fact remains that it is a reality,” it said.
It also warned that increased workload brought about by Brexit created a new exposure to “reputational risk” as they dealt with data sharing between Ireland and the UK.
In a statement, the Data Protection Commission said they had very much welcomed the increased funding awarded in last year’s budget. They said: “[we are] at the frontline of EU data protection regulations and the increased funding provided . . . in what are very difficult economic times, is vital for the DPC to continue to build its capacity as an internationally respected and effective supervisory authority.
“We very much welcome the fact that the Government has listened and understood the need to adequately resource regulation in this area.”