European Parliament ‘not very happy’ with Data Protection Commission

Relationship with data commissioner ‘not always easy’, European Parliament civil liberties committee says

Data Protection Commissioner Helen Dixon
Data Protection Commissioner Helen Dixon

The European Parliament is “not very happy” with the Data Protection Commission (DPC) while the relationship with commissioner Helen Dixon is “not always easy”, its committee on civil liberties, justice and home affairs has said.

French MEP Gwendoline Delbos-Corfield also said the committee had met representatives from TikTok and Meta and in both cases “to be honest, how nice they are about the DPC is not that reassuring”.

The committee was engaging with the Oireachtas justice committee on GDPR enforcement on Thursday.

German MEP Birgit Sippel said it was “remarkable” that despite the DPC having similar resources to its European counterparts, it did not “deliver the same number of clear results. I know we have a lot of big tech companies here so you might have more complaints than others, but the DPC is not even delivering the same number of results as others. There must be some reasons behind [that] and I think it’s good to have an independent review to find out what’s going on.”

READ MORE

Ms Delbos-Corfield said Ireland was in a “very ambiguous” situation whereby there were “big techs on your soil” which meant the State’s data-protection authority had “more responsibility than others do”.

“It also means the data-protection authorities in other countries will from time to time turn to this one to say, ‘What have you done about this and why are you not acting about this’,” she said.

Ms Delbos-Corfield said they were “not very happy with your DPC in the [European] parliament” and the commission hadn’t come to a committee to which it had been invited.

“The relationship with Helen Dixon is not always easy, so maybe on this you could help and create a better climate for us to work with your DPC,” she told the Oireachtas committee. “I think these are the things we should really try to work together and not in opposition.”

Ms Delbos-Corfield also asked who the DPC was accountable to and to whom it presented its annual report.

“We have met TikTok and Meta and in both cases, to be honest, how nice they are about the DPC is not that reassuring, in that really it’s a very nice dialogue and it’s very open and they meet regularly and it works very well and all of this, which is part of the job,” she said.

“I don’t think that it should only be under threats and fines and all of this but it is one part of the job and the fact that they really feel that it’s only in a monthly dialogue that they can construct things and they don’t have the feeling of really having somebody asking them for accounts is also something I wanted to know ... what your power is on this and how you can work on this.”

Irish MEP Clare Daly said some of the problems with Ireland’s GDPR system were to do with Irish legislation and would be better placed on the Government as opposed to the DPC. Ms Daly said the threshold at which a DPC in another European Union member state issues a decision was far lower and the justice committee had made “unfair comparisons” in a recent report it published.

“I think that’s very important because if we’re painting this narrative, and it might explain why the Irish DPC is a bit defensive, saying ‘Oh my god, you’re way behind’,” she said.

“Actually in a majority of their [DPC] cases they don’t issue the decisions, they resolve the case, it’s concluded but it’s not called a decision whereas in Spain for example, which you [the justice committee] use as a comparison. It’s not fair because the Spanish legislation allows them to make decisions on a much lower level with a financial penalty at a lower level.”

Deputy commissioner at the DPC Graham Doyle said there was “no reality” to suggestions the DPC had underperformed in its role; “It is in fact the EU’s most successful regulator by most important metrics. Fines amounting to hundreds of millions of euros have been issued by the DPC against some of the largest technology companies in the world for breaches in data-protection regulation.”

Mr Doyle added: “We look forward to the opportunity to discuss data-protection regulation, and the effective role the DPC has played in its enforcement, with members of the LIBE committee tomorrow.”

Sarah Burns

Sarah Burns

Sarah Burns is a reporter for The Irish Times