THE IRISH COUNCIL for Civil Liberties (ICCL) and others will today criticise and call for reform of Ireland’s Data Protection Commission (DPC).
The Joint Oireachtas Committee on Justice will this evening hear from the DPC, ICCL, Austrian privacy activist Max Schrems and solicitor Fred Logue in a discussion on the General Data Protection Regulation (GDPR).
This regulation took effect in the EU in May 2018. It imposes fines on those who breach data privacy and security standards.
Dr Johnny Ryan, a senior fellow at the ICCL, will say in his opening statement to the committee that a “systematic infringement of fundamental rights go unchecked by the DPC”.
He is expected to criticise the DPC’s slow resolution of cases and say it has left Ireland as the “bottleneck of GDPR investigation and enforcement against Google, Facebook, Microsoft and Apple”.
Ryan is set to propose two “urgent” steps – first to appoint two new data protection commissioners and designate a DPC chair, and second to set up an independent review on DPC reform.
“We must rebuild our DPC to protect us in the data age,” Ryan will say.
In its submission to the committee, the Data Protection Commission said it is “satisfied” that it has “instigated and progressed real and tangible outcomes for the stakeholders it serves”.
It said the DPC is “still under-staffed” to deal with its task at hand. The submission said there are “certain pinch-points” in its operation such as lengthy resolutions for cases.
It also said that “significant practical challenges remain” in developing a unified approach for sanctions under the GDPR across member states.
‘Unfounded’ criticisms
In her opening statement this evening, the Data Protection Commissioner Helen Dixon is due to welcome the committee’s engagement on the issue of the GDPR.
She will reject some of the claims made by other submissions to the committee and say they are made on “unfounded bases”.
Solicitor Fred Logue, who works for a firm specialising in data protection and information law, also put forward a submission.
In this, he said delays are a serious issue with complaints sent to the DPC.
He has raised questions about the complaints procedures and has recommended that all records held for or by the DPC should be subject to the rights of access under the 2014 Freedom of Information Act.
Privacy activist Max Schrems is also due to give an opening statement.
Dixon had previously refused to attend a European Parliament committee meeting if it meant answering questions alongside Schrems.
The committee meeting will be held in two sessions, with Schrems and Logue in the first and the ICCL and DPC in the second.
Schrems has been involved in legal proceedings against the DPC.
He is due to accuse the DPC of having an “extremely poor understanding of the material law provisions of the GDPR” and say that, from his experience, the office “makes about every procedural mistake you can think of”.
He is expected to say that there is a need to reform the DPC’s procedures and to re-allocate funds from GDPR fines to “ensure that the DPC can litigate its cases”.
Solicitor Logue is also due to tell the committee that GDPR compliance, especially with access requests, is poor and that the regulation is “poorly understood by those tasked with implementing it in many organisations public and private”.
He is expected to say that “few public authorities seem to be aware” of their data responsibilities under EU law.
He will add that the possibility of a DPC complaint “does not seem” to be something to motivate many data controllers to comply with their obligations under law.
The committee meeting will begin at 6.30pm this evening.
To embed this post, copy the code below on your site
have your say