Helen Dixon has defended the Irish Data Protection Commission’s enforcement record in the face of criticism from campaigners Max Schrems and Johnny Ryan.
Schrems, speaking to the Oireachtas Joint Committee on Justice, said: “Of 10,000 complaints, the DPC says it will have six to seven decisions this year. This means that 99.93pc of all complaints are not decided. So for 99.3pc of people in Europe that rely on it, [the Irish DPC] is just not reachable.”
He also said there is growing appetite for an infringement procedure against Ireland, pointing to comments made by the EU Civil Liberties commission in February.
In a separate submission, Dr Johnny Ryan described Ireland as “the bottleneck of GDPR investigation and enforcement against Google, Facebook, Microsoft, and Apple, everywhere in the EU.”
However, Dixon, strongly rejected the criticism, which she branded as “simplistic”.
She said: “Last year alone, with over 10,000 cases, 60pc of the complaints lodged with the DPC last year were concluded,” she said. “We handled 42 applications for the approval of binding corporate rules, we dealt with over 6,000 security breach notifications and progressed to 87 full-scale statutory inquiries.”
Pressure on the Irish DPC
The Irish DPC has become the de facto data privacy regulator for big tech in the European Union due to the fact that many major companies have their European headquarters in the country.
This has led to pressure on the commission to speed up action against technology companies on behalf of the European Union.
Last year the commission reportedly asked the Irish government for more resources ahead of the Budget to enable it to investigate big technology firms more effectively.
The EU Civil Liberties Committee in February adopted a resolution calling on the Irish and Luxembourg Data Protection Authorities to speed up their investigations into major cases.
Dixon responded with a letter to the committee saying that the Irish DPC is “the only supervisory authority to engage with EU-US transfers in a meaningful way, or at all”. These comments were disputed and strongly criticised by Germany’s federal data protection regulator (BfDI) Ulrich Kelber and prompted the European Commission Vice President Vera Jourova to call on the regulators to stop squabbling.
Register to receive the latest data protection and privacy news and analysis straight to your inbox