Cianan Brennan: Taking on Data Protection Commission work that's ‘beyond one person’
GDPR compliance and concerns are high on the agenda of the new data protection commissioners.
After handing down eye-watering fines to tech super-giants such as Meta and battling over thorny subjects such as the Public Services Card, the Data Protection Commission (DPC) has had a relatively quiet first five months of 2024.
The country’s two newest data protection commissioners, chairman Des Hogan and former deputy data protection commissioner Dale Sunderland, seem a little taken aback when questioned as to what decisions the commission has made lately, given the chief reason that three commissioners were to be appointed rather than one in the first place was the perceived slow pace of the organisation’s rulings, particularly in terms of big tech. The final commissioner is to be in place before the end of this year.
“We have some decisions,” said Mr Sunderland. “We have a number of cross-border files which are coming towards the point where we’re ready to go through the article 60 [draft decision] process.”
Mr Hogan, who came to the role from the Chief State Solicitor’s Office, said the level of work at the DPC is “beyond one person”, despite the “tremendous job” done by Helen Dixon during her tenure as commissioner.
The two incumbent commissioners said decisions will not be made individually, but rather after consultation between them.
“We’ve had a meeting of minds on everything up to now, so I don’t see that as an issue,” said Mr Hogan.
Regarding worries expressed by some privacy sources that the new regime could see a move away from attritional battles with State bodies who may or may not be in breach of data protection legislation — Mr Sunderland’s past working for the Department of Justice has been cited to this reporter from that point of view — Mr Hogan said the DPC will continue “to regulate without fear or favour”.
Mr Sunderland provided an update on the DPC’s inquiry into the biometric nature or otherwise of the Public Services Card, an investigation which has been running for six years. He said the investigation will hopefully be brought “to conclusion over the course of the summer”, though he promptly caveated that statement noting that “the issues in play are very complex”.
In terms of big tech, the two commissioners said that the DPC’s supervisory team has been in contact with Microsoft about its new Recall facility, seeking information on how that system will comply with GDPR. The facility proposes to take screenshots of a PC’s desktop every five seconds so that AI can piece together a user’s every working movement for years, a potential data protection minefield.
Closer to home, in terms of the Road Safety Authority’s (RSA) refusal to release road collision statistics to local authorities for the past six years on foot of GDPR concerns, Mr Sunderland said that argument “was a bit of a red herring”, with the issue over gardaí and the RSA sharing more data than is needed in the DPC’s opinion.
Is it that complicated to reduce the amount of data shared?
“That’s for them really to make that assessment,” said Mr Sunderland.
Is it more an RSA or a Garda issue? “Both really.”
That one may have a while to run yet.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
