Emily O’Reilly opens inquiry into European Commission policing of GDPR in Ireland

EU ombudsman acts after complaint from the Irish Council for Civil Liberties

EU ombudsman Emily O’Reilly has opened an inquiry into the European Commission’s failure to act against the State over the pace of big tech investigations.

The move comes on foot of a complaint lodged by the Irish Council for Civil Liberties (ICCL) with the ombudsman late last year.

Johnny Ryan, senior fellow at the ICCL, lodged the complaint having previously written to commissioner for justice Didier Reynders last September, saying the commission had a duty as the guardian of EU treaties to see that the General Data Protection Regulation (GDPR) – the data protection law – was properly applied.

The ICCL, a major critic of the Irish Data Protection Commission (DPC), had claimed that 98 per cent of significant complaints about privacy infringements remained unsolved, a claim disputed by the organisation.

In her letter to commission president Ursula von der Leyen confirming the new inquiry, Ms O'Reilly said it was "appropriate to ask the commission to provide a detailed and comprehensive account of the information that it has so far collected to inform itself as to whether the GDPR is applied in all respects in Ireland. "

Inadequate

“Public bodies, along with civil society organisations, report that the application of the GDPR in Ireland is inadequate, whereas the commission’s recent reply to the complainant in this case appears to suggest that there is no evidence of this,” she said.

“Questions are bound to arise in the minds of citizens if different factual accounts circulate regarding the implementation of this important legislation,” she wrote.

The GDPR, which came into effect in May 2018, gives regulators powers to fine companies up to 4 per cent of their global turnover of the previous year or €20 million, whichever is greater, for violating the law.

With most of the big tech companies such as Google and Facebook having located their European headquarters in Dublin, the DPC has become a de facto regulator for their pan-European data activities. However, there have been widespread complaints about delays in the DPC reaching decisions in investigations.

Latest Stories