The Data Protection Commission (DPC) has failed to resolve 98 per cent of cases important enough to be of concern across the EU and needs to be urgently reformed, the Irish Council for Civil Liberties (ICCL) is to tell an Oireachtas committee on Tuesday.
In an opening statement due to be made to TDs and Senators, Dr Johnny Ryan, a senior fellow at the ICCL, will state the commission is the "bottleneck" of General Data Protection Regulation (GDPR) investigations of tech giants across the EU.
“In the three years since the GDPR was applied, the DPC asserted its lead role in 196 cases, but delivered decisions in only four,” he will say.
“Systematic infringement of fundamental rights go unchecked by the DPC,” Dr Ryan will add.
In his opening statement Dr Ryan will reiterate his argument that the commission’s failure to uphold the rights of European citizens “creates economic and reputational risks for Ireland”.
Max Schrems
Dr Ryan is among a number of speakers due to appear before the Oireachtas Joint Committee on Justice. Also appearing is Austrian privacy campaigner Max Schrems, who will discuss, among other things, the GDPR. The legislation, which came into effect in May 2018, gives data regulators powers to fine companies up to 4 per cent of their global turnover of the previous year or €20 million, whichever is greater, for violating the law.
Mr Schrems will also be discussing his ongoing complaint against Facebook's user data policies. He recently described Ireland's approach to protecting European Union citizens' data as a "Kafkaesque" waste of Irish taxpayers' money.
With most of the big tech companies such as Google and Facebook having located their European headquarters in Dublin, the DPC has become a de facto regulator for their pan-European data activities. However, there have been widespread complaints about delays by the commission in reaching decisions in investigations.
Intervene
The ICCL in its opening statement will urge the Government to intervene to ensure the State meets its GDPR obligations. It has called for the appointment of two additional data protection commissioners and to designate a chair. It also wants to see an independent review established on how to reform the commission.
An investigation carried out by the organisation earlier this year concluded that a five-year delay in implementing an internal ICT project has cost the taxpayer at least €1 million.
Representatives from the commission are also expected to appear at the committee on Tuesday, as will solicitor Fred Logue.