A leading Irish privacy advocacy group has “welcomed” reports that the Department of Justice is seeking to expand the number of Data Protection Commissioners from one to three.
Digital Rights Ireland has written to the Minister for Justice Helen McEntee to suggest that it is “now time to revisit” how the commission is structured.
The DPC is Ireland’s independent data protection regulator, which also doubles as the lead watchdog for many of the world’s largest tech firms who count Ireland as their European home - including Facebook, Google and Twitter.
However, the regulator has come in for heated criticism both from Europe and within Ireland in recent times regarding the perceived slow nature of its decision-making processes in holding big tech to account.
Last month, the then-acting Minister for Justice Heather Humphreys instructed her Department to consider the appointment of a further two commissioners in order to share the burden currently carried by DPC Helen Dixon alone, who has been in the job since 2014.
Ireland has had a sole commissioner since the creation of the office in 1989 in the wake of the passing of Ireland’s 1988 Data Protection Act. Should the Department okay the move it would be up to the Minister to bring the recommendation to Cabinet for final approval.
Writing to Ms McEntee, DRI director TJ McIntyre, an associate professor of law at UCD, said: “It is over 30 years since the current structure was put in place and it is now time to revisit how the commission is structured.”
He said that the appointment of additional commissioners is “an opportunity to develop the global role of the DPC”, but added that any new appointments must “have the requisite experience in a number of fields”.
Specifically, any new appointment must account for the “European and international” contexts of the role, along with experience of both technical and investigative data protection matters, he said.
Dr McIntyre added that any new appointments should include at least one data protection lawyer with experience of regulatory enforcement.
“A stronger DPC is needed to protect human rights and uphold Irish and EU law, and the appointment of new commissioners is an opportunity to develop this,” he said. A spokesperson for the Department of Justice confirmed that the matter remains under active consideration.
The need for a second and third commissioner has been a frequent barb thrown at the Data Protection Commission, most notably since the implementation of the GDPR in May 2018.
Privacy activist Max Schrems, who has been involved in legal wrangles with the DPC for many years concerning a series of seismic actions he has taken against Facebook, previously has said that “logic states that there should be more than one commissioner”.
“A single person cannot effectively manage 4,000 complaints a year, with everything going across the one table,” Mr Schrems told the Irish Examiner earlier this year.
Sources close to the DPC have previously defended the commission’s performance, arguing that creating more commissioners will solve the wrong problem, given any logjam within the investigative process stems from further down the food chain within the agency.