#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 13°C Tuesday 5 July 2022

State slapped with legal action over Irish data protection regime

Digital Rights Ireland claims the State has not properly implemented EU legislation on data protection.

Image: Shutterstock/wavebreakmedia

A DIGITAL RIGHTS advocacy group is taking legal action challenging the independence of the Irish Data Protection Commissioner (DPC).

Legal papers being served on the State by Digital Rights Ireland (DRI) say the government has failed in its legal duty to ensure the true independence of the regulator.

The group claims Ireland has not properly implemented EU legislation that requires data protection authorities to be genuinely independent from the government.

“Ireland’s position as the EU’s centre for technology multinational companies makes it critical for the protection of all EU citizens’ rights that the State has a world-class data protection regulatory regime,” DRI said in a note on its website.

“Ireland’s data protection authority doesn’t meet the criteria set down by the EU case law for true independence,” it added.

As the Irish government has refused to acknowledge this to date, we are turning to the courts to uphold Irish and EU citizens’ fundamental rights.


Simon McGarr, a solicitor with McGarr Solicitors who is acting for DRI, said the papers note that the office of the DPC is “structurally integrated” within the Department of Justice.

He said the group believes the regulator has failed to adequately monitor databases of citizen information created by some public bodies in recent years.

DRI previously took a case to the Court of Justice of the European Union that led to an EU data-retention directive, then the basis for Irish law, being thrown out in 2014.

In a statement on its latest action, the group said: “Ireland’s DPC has a key role in Europe’s data protection landscape.

From our 2014 case overturning data retention to the Schrems case [on Safe Harbour], to the Microsoft v USA warrant case, Ireland is the critical jurisdiction for the protection for the rights of citizens across the EU.

The Office of the DPC said it could not comment on the specifics of this latest case as it is not a party to it.

“This Office and the Commissioner are completely independent in the exercise of their functions as set out in Data Protection Acts 1988 and 2003,” a spokesperson for the authority said.

Read: State surveillance: How Gardaí and others can secretly monitor you

Read: 80% of Irish people think they can’t control their privacy on social media

About the author:

Catherine Healy

Read next: