Ireland's data protection agency undercut by EU ruling on Big Tech

Tue, 15 Jun, 2021 - 12:36

Cianan Brennan & Daniel McConnell

The Data Protection Commissioner (DPC) has had its position as lead regulator for tech giants based in Ireland, such as Facebook, undercut by a landmark European ruling.

A decision handed down by the Court of Justice of the European Union states that any of the 27 European data authorities can bring an enforcement under the GDPR - even if that regulator is not the lead supervisory authority in the case - “under certain conditions”.

It is not yet clear what those conditions are - nevertheless, the decision is a clear setback for the authority of the Irish DPC.

The Data Protection Commission has been the subject of consistent criticism from other European regulators for several years over the perceived slowness of its complaint resolution processes.

What's your view on this issue?

You can tell us here

Today’s decision relates to a case taken by the Belgian Privacy Commission, that country’s own regulator, in September 2015 before the Belgian courts, seeking an injunction against Facebook over its system of data gathering, using cookies and 'like' buttons and other social plugins, which it claimed were in violation of data protection law.

Facebook had consistently argued that the Irish DPC was the correct regulator to handle the complaint given its status of lead supervisory authority for Facebook, Google, Twitter and other large tech concerns which are based there.

The European Court of Justice today said that cross-border data processing requires “close, sincere, and effective cooperation” between national regulators.

“In the context of that cooperation,” the court said, the DPC cannot “ignore” the views of other authorities, and should one of them object to one of its decisions that objection would have the effect of “blocking” the adoption of that decision.

Data Commissioner's inquiry into Facebook's cross-border data transfers can proceed