Marking five years since the introduction of the General Data Protection Regulation (GDPR), the Irish Council for Civil Liberties (ICCL) has accused the EU of being unable to police how big tech firms handle data.
GDPR came into force in May 2018 imposing strict rules on how companies and organisations process data.
Because many of the world’s largest tech companies have their European headquarters in Ireland, the Irish Data Protection Commission (DPC) has been the lead authority in some of the biggest investigations since the introduction of GDPR.
In its assessment today, the ICCL has claimed that Ireland continues to be a bottleneck of enforcement, delivering few draft decisions on major cross-border cases and frequently seeing its decisions overruled by European authorities.
“Europe’s failure to enforce the GDPR exposes everyone to acute hazard in the digital age,” said Dr Johnny Ryan, Senior Fellow with ICCL.
“It also threatens Europe’s place in the world, the EU cannot be a regulatory superpower unless it enforces its own laws,” Dr Ryan added.
Data Protection Commissioner Helen Dixon has repeatedly defended her office’s record, recently pointing out that it concluded 17 large-scale inquiries last year and imposed record fines in excess of €1 billion.
Publishing her office’s annual report in March, Ms Dixon said that the evidence flies in the face of claims that the DPC is too soft on big tech.
“Two-thirds of the fines issued across Europe last year, including the EU, EEA and UK, were issued by the DPC on foot of detailed and comprehensive investigations, a fact that underlines both the outsized role, and exceptional performance, of the organisation in effectively holding those guilty of non-compliance to account,” she said at the time.