Irish approach to data protection ‘Kafkaesque’, says Schrems
Austrian privacy campaigner says approach is ‘waste of taxpayers’ money’
Privacy activist Max Schrems has been invited to appear on April 27th before the Oireachtas justice committee to discuss his complaint against Facebook’s user-data policies
Austrian privacy campaigner Max Schrems has described Ireland’s approach to protecting European Union citizens’ data as a “Kafkaesque” waste of Irish taxpayers’ money.
Mr Schrems has been invited to appear on April 27th before the Oireachtas justice committee to discuss his complaint against Facebook’s user-data policies, which since 2018 has been in the hands of Ireland’s data-protection commissioner (DPC) Helen Dixon.
The DPC has also been invited to attend the session as well as Johnny Ryan, a senior fellow at the Irish Council on Civil Liberties (ICCL), who has dubbed Ireland’s DPC the “bottleneck” of EU data protection “that will harm national prestige, employment and opportunity”.
A decade after Mr Schrems filed his first complaint against Facebook with the DPC, nearly three years after filing his most recent Facebook complaint, Mr Schrems has told the committee the he believes the DPC had tied up his data transfer case in unnecessary legal knots.
By favouring litigation rather than making a ruling in his case, Mr Schrems said the Irish regulator had been “exposed to well-founded, but entirely avoidable criticism by the courts [and-protection rulebook. Growing impatience by fellow regulators towards the DPC, he claims, “poses economic and reputational risks to Ireland”.
“If other member states start routinely sidestepping the DPC then Ireland will lose its position as a key regulatory location in the global digital economy,” he said. “This will harm national prestige, employment and opportunity.”
In a third written submission, Gerard Rudden, Schrems’s Dublin solicitor, said the DPC’s decision-making procedures were “quite simply not fit for purpose” as they blocked two-way communication on issues via the regulator.
“By not permitting this engagement it follows that the investigator must address all issues before him no matter how tangential,” he added. “This is an utter waste of time and resources.”
With most of the Big Tech companies having located their European headquarters in Dublin, the DPC has become a de-facto regulator for their pan-European data activities.
The Oireachtas interest in the DPC follows growing attention from the European Parliament. Last month Ms Dixon was invited to attend a meeting at the parliament’s civil liberties, justice and home affairs committee. She declined to attend due to the fact that Mr Schrems was also to appear in the same session, and the fact that there has been litigation between the parties.
She told the committee that she was concerned that it had already reached its assessment before talking to the DPC and that she was being “asked to participate in an exercise in an information vacuum”.
In a subsequent resolution, adopted by 483 votes to 96 with 108 abstentions, European Parliament MEPs expressed concern that some DPC cases dating back to 2018 “have not even reached the stage of a draft decision”.
The DPC said it has yet to respond to the Oireachtas invitation.