Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Thursday 30 November 2023 Dublin: 3°C
privacy rights

State slapped with legal action over Irish data protection regime

Digital Rights Ireland claims the State has not properly implemented EU legislation on data protection.

A DIGITAL RIGHTS advocacy group is taking legal action challenging the independence of the Irish Data Protection Commissioner (DPC).

Legal papers being served on the State by Digital Rights Ireland (DRI) say the government has failed in its legal duty to ensure the true independence of the regulator.

The group claims Ireland has not properly implemented EU legislation that requires data protection authorities to be genuinely independent from the government.

“Ireland’s position as the EU’s centre for technology multinational companies makes it critical for the protection of all EU citizens’ rights that the State has a world-class data protection regulatory regime,” DRI said in a note on its website.

“Ireland’s data protection authority doesn’t meet the criteria set down by the EU case law for true independence,” it added.

As the Irish government has refused to acknowledge this to date, we are turning to the courts to uphold Irish and EU citizens’ fundamental rights.


Simon McGarr, a solicitor with McGarr Solicitors who is acting for DRI, said the papers note that the office of the DPC is “structurally integrated” within the Department of Justice.

He said the group believes the regulator has failed to adequately monitor databases of citizen information created by some public bodies in recent years.

DRI previously took a case to the Court of Justice of the European Union that led to an EU data-retention directive, then the basis for Irish law, being thrown out in 2014.

In a statement on its latest action, the group said: “Ireland’s DPC has a key role in Europe’s data protection landscape.

From our 2014 case overturning data retention to the Schrems case [on Safe Harbour], to the Microsoft v USA warrant case, Ireland is the critical jurisdiction for the protection for the rights of citizens across the EU.

The Office of the DPC said it could not comment on the specifics of this latest case as it is not a party to it.

“This Office and the Commissioner are completely independent in the exercise of their functions as set out in Data Protection Acts 1988 and 2003,” a spokesperson for the authority said.

Read: State surveillance: How Gardaí and others can secretly monitor you

Read: 80% of Irish people think they can’t control their privacy on social media

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.