Data watchdogs fail to police Google, Facebook and Apple, says civil liberties group
The Data Protection Commission is 'failing' to enforce EU data privacy laws on major international tech companies, according to a new report from the Irish Council for Civil Liberties.
The Data Protection Commission is "failing" to enforce EU data privacy laws on major international tech companies, according to a new report by the Irish Council for Civil Liberties (ICCL).
The ICCL’s report, ‘Europe’s enforcement paralysis’, claims Ireland is Europe's "worst bottleneck of General Data Protection Regulation (GDPR) enforcement against big tech”.
Overall, the ICCL report says 21% of all complaints referred between European Data Protection Authorities (DPAs) are referred to the Irish Data Protection Commission.
According to the group, some 98% of the 164 data protection cases of “European significance” referred to the Data Protection Commission "remain unresolved".
“The Irish Data Protection Commission has failed to send draft decisions to its European colleagues on a very large number of major EU-wide cases," said ICCL senior fellow Dr Johnny Ryan, one of the report's authors.
In its report, the ICCL said Europe's data protection watchdogs have "not configured themselves for the digital era" and "continue to lack the capacity to investigate and understand what tech companies do with people’s data".
The human rights group estimates only 9.7% of staff at the watchdogs are "tech specialists".
The ICCL cited declining budgets in recent years as an indication that European governments "are not committed to the GDPR’s proper application."
The report's authors also recommend the Irish Data Protection Commission be "reformed and strengthened" and that it "must move from emphasising guidance to emphasising enforcement as a matter of urgency”.
Dr Ryan said the ICCL had sent its latest report to European Commissioner for Justice, Didier Reynders, reminding the commission of its legal duty to ensure GDPR is properly applied.
In its submission, the ICCL also urged the commission to “take action” against Ireland and any other countries that fail to protect people’s data.
In response, deputy Data Protection Commissioner Graham Doyle said the ICCL's 98% statistic was "inaccurate".
"The DPC has received more than 1,200 cross-border complaints from other DPAs since the introduction of the GDPR in May 2018, with over 600 of these resolved," he said.
On the ICCL's point of a shortage of tech specialists, Mr Doyle said that no European DPA would have "the in-house tech skills to do everything".
"As the DPC informed the ICCL last week, we have just completed an extensive procurement exercise and we now have a framework worth over €2m over the next few years, with five companies from which we can draw down state-of-the-art, niche tech knowledge going forward," he added.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
