Europe unable to police how big tech uses our data, says report
Much of the report from the Irish Council of Irish Civil Liberties focuses on the perceived inadequacies of the Irish Data Protection Commission’s decision-making.
Five years since going live, the European General Data Protection Regulation (GDPR) is “largely paralysed”, one of Ireland’s foremost privacy advocacy bodies has said.
A new report from the Irish Council of Civil Liberties (ICCL), titled , claims that “Europe remains unable to police how big tech uses our data”.
It states that a lack of funding can no longer be blamed for that perceived stasis, given that “data protection authorities across the union now have a combined budget of a third of a billion euro”, with Ireland’s own budget now among the top five largest in the bloc.
However, despite this the report notes that 10 of the EU’s data authorities “still have budgets under €2m”.
The report, authored by the ICCL’s senior fellow Johnny Ryan, himself a prominent critic of the GDPR and Ireland’s own enforcement regime, claims that just 18% of the decisions via the GDPR’s ‘one-stop shop’ to date have led to fines.
The one-stop shop is the mechanism via which organisations engaged in cross-border data processing deal with a single country’s regulatory authority in terms of enforcement decisions.
When that country “asserts” its lead role in such investigations, no other authority can intervene, the ICCL’s report said.
Much of the report focuses on the perceived inadequacies of the Irish Data Protection Commission’s (DPC) decision-making.
However, the DPC said in March at the publication of its annual report that it had applied fines of over €1bn across 2022 as its investigations under GDPR ramped up, while two-thirds of the fines issued by regulators across Europe last year as a whole had emanated from the Irish regulator.
Many of the largest tech companies in the world — including Meta, Google, Microsoft, and Twitter — base their European headquarters in Ireland, meaning the DPC is amongst the most prominent and significant of all the bloc’s regulatory authorities.
“Uniquely, 75% of Ireland’s GDPR investigation decisions in major EU cases were overruled by majority vote of its European counterparts at the EDPB, who demand tougher enforcement action,” the ICCL report states.
It notes that just under nine in 10 of the cross-border complaints made to Ireland involve repeated actions against the same eight big tech companies.
However, the report says, the DPC has opted for “amicable resolution” in 83% of the cases it has managed against those same companies.
“Using amicable resolution for repeat offenders, or for matters likely to impact many people, contravenes European Data Protection Board guidelines,” the report said.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
