Irish regulator will oversee Google’s European GDPR compliance
Data Protection Commissioner now responsible for ensuring both search giant and Facebook are compliant on data privacy
Data Protection Commissioner Helen Dixon was in Brussels for the first board meeting of the new European Data Protection Board (EDPB). Photograph: Dave Meehan
Several complaints have already been made to data commissioners around the EU, including a number from Max Schrems, the Austrian serial litigator. Photograph: Joe Klamar/AFP/Getty Images
Google has notified Ireland’s data protection commissioner that she will be responsible for overseeing its European data privacy compliance.
As the EU’s General Data Protection Regulation (GDPR) came in to force on Friday, Ireland’s Data Protection Commission (DPC) becomes responsible for overseeing some of the world’s largest digital companies’ European operations. Google joins Facebook and other giants whose European “place of central administrations” are located in Dublin.
Data Commissioner Helen Dixon said in Brussels that she had received a letter from Google on Thursday and acknowledged the huge challenge her office faces.
The search giant has consistently maintained until now that its place of main establishment was its Mountain View headquarters in California. It was unclear on Friday if the decision to locate a European place of main establishment will have knock-on effects on the company’s corporate structure.
The decision comes as several complaints have already been made to data commissioners around the EU, including a number from Max Schrems, the Austrian serial litigator. These will be forwarded to Dublin which is the “lead supervisory authority” in cases involving companies based in Ireland.
Ms Dixon said she will be able to avail of staff from other data commissioners to assist her Irish team in complex cases. Several of them had been in touch to express their willingness to help out if necessary.
She added that Facebook had not consulted her office over its decision to relocate the terms of service for 1.5 billion non-EU based subscribers from Ireland out of the EU to avoid the need for compliance with GDPR.
Ms Dixon was in Brussels for the first board meeting of the new European Data Protection Board (EDPB), a creature of the GDPR which will co-ordinate the work of the 28 national authorities and set guidelines to maintain consistent, binding standards across the EU. National authorities retain the responsibility for enforcement and fines.
The EDPB’s new chairwoman, Austria’s Andrea Jelinek, said that the enactment of the GDPR showed that on data privacy “Europe sets the pace. The environment is now favourable for data protection all over the world.”