Data protection update
Sign up for myFT Daily Digest and be the first to learn about data protection news.
Ireland has failed to apply EU privacy laws to major US technology companies, and 98% of the 164 major complaints about privacy abuse have not yet been resolved by its regulators.
The European headquarters of Google, Facebook, Apple, Microsoft and Twitter are all located in Dublin, which makes the Irish Data Protection Commissioner the main EU regulator responsible for keeping them in compliance with the law.
But the Irish DPC has been repeatedly criticized by privacy activists and other EU regulators for failing to take action.
An analysis by the Irish Civil Liberties Commission found that the vast majority of cases remain unresolved, and Spain’s data protection budget is smaller than that of Ireland, but the resulting draft decision is 10 times that of Ireland.
ICCL senior researcher Johnny Ryan (Johnny Ryan) said that Ireland is the “worst bottleneck” in the implementation of the EU General Data Protection Regulation.
“Because of Ireland’s failure to submit a draft decision on cross-border cases, GDPR’s enforcement of large technology companies has been paralyzed,” he added, noting that other EU countries must wait for Ireland’s draft decision before taking their own actions against them. company.
The Irish regulator led by Helen Dixon did not respond to a request for comment.
“The entire cooperation system relies on several key [data protection agencies] Moving cases, so far, this has hardly happened,” Said Estelle Massé, senior policy analyst at Access Now.
Ireland’s silence on regulating large technology companies has been criticized by several other European countries, including France, Spain and Italy.
In July, the Irish Parliament issued a report Call for reform of the Irish DPC and urge it to start implementing GDPR. It said it “worries that the basic rights of citizens are in danger.”
In March, Ireland’s treatment of large technology companies triggered long-term tensions break out It was made public after German officials attacked the Irish.
Ulrich Kelber, Germany’s chief data protection supervisory authority, wrote to a member of the European Parliament complaining that Germany alone “sent more than 50 complaints about WhatsApp to the Irish authorities”. “So far, none of them One is closed”.
He also criticized Ireland for “extremely slow handling of cases, which is far behind the progress of most European Union, especially German regulatory agencies.” He pointed out that as of the end of last year, Ireland led 196 cases, but only closed 4 cases, while Germany closed 52 out of 176 cases.
EU officials stated that Brussels has limited what it can do to force Dublin to take action. The EU privacy rules give the European Data Protection Commission the power to take action against data regulators at the member state level, but its powers are limited and cannot force institutions such as the Irish DPC to perform their duties.
Officials said that under current rules, Dublin is most likely to force its own data protection agency to exercise its powers. However, in theory, the EU may file infringement lawsuits against member states that have not adopted effective policies to protect privacy rules.
Supplementary report by Jude Weber