The DPC has appointed a senior member to Brussels full time, while the commissioner was questioned about the DPC’s ongoing TikTok probe.
Data Protection Commissioner Helen Dixon has responded to criticisms against the Irish regulatory body as she faces EU pressure about ongoing investigations.
Dixon made the statements in a speech to the European Parliament yesterday (23 May), in which she updated MEPs on the Data Protection Commission’s (DPC) enforcement actions to date and its ongoing investigations into TikTok.
Dixon also announced the placement of a permanent DPC representative to Brussels, who she described as a “senior staff member” that will be available “full time” to answer questions for MEPs.
“The DPC believes having a permanent presence in Brussels will ensure stakeholders more timely and accurate information available to them about the DPC’s work,” Dixon said.
DPC deputy commissioner Graham Doyle told SiliconRepublic.com that the placement is an “important position” as many key stakeholders are in Brussels. He added that the DPC is “committed to ensuring transparency in how we go about our work”.
Beginning the speech, Dixon gave an overview of the DPC’s work to date in handling GDPR enforcement and investigations. As many big tech companies locate their EU headquarters in Ireland, the DPC takes the lead on many investigations.
“There is no other data protection authority that conducts and concludes the volume of large-scale cross border inquiries undertaken by the DPC,” Dixon said.
But the Irish regulator has been criticised over the years for its handling of GDPR investigations. Last September, a delegation of MEPs visiting Dublin called for an independent review of the Irish DPC due to concerns the authority was an enforcement “bottleneck”.
In her speech, Dixon said her office is “aware” of a narrative that other data protection authorities have forced the DPC to alter its enforcement decisions, but called this narrative “inaccurate”.
“The true position is that the majority of the fines proposed by the DPC were not subject to any adjustment at all in the context of the GDPR’s cooperation procedures,” Dixon said.
“The DPC’s legal analysis and infringement findings were also generally accepted in all cases with differences with fellow supervisory authorities largely confined to marginal issues.”
Dixon also said claims that the DPC is “routinely overturned” by its peers are “misplaced”. She argued that it makes sense for changes to be made to DPC proposals as other data protection authorities give input to “what might be said to be a form of shared decision making” .
The Irish Council of Civil Liberties (ICCL) recently criticised the DPC for its GDPR enforcement actions. A recent ICCL report claimed 75pc of the Irish DPC’s investigation decisions have been overruled by its European peers.
This report also claimed the Irish regulator chooses “amicable resolution” to resolve 83pc of the cross-border complaints its receives, instead of conducting a full investigation.
The DPC issued the biggest ever GDPR fine to Meta earlier this week. The tech giant has been ordered to pay €1.2bn and halt its data transfers from the EU to the US within five months.
Dixon said it was the DPC that wanted to halt these data transfers, but noted that the Irish regulator disagreed with the fine. The European Data Protection Board stepped in last month to have the final decision include an administrative fine.
“In our view, a meaningful change – if it was to be delivered in this area – required the suspension of transfers,” Dixon said. “No administrative fine could guarantee the kind of change required”.
In 2021, Austrian privacy campaigner Max Schrems accused the DPC of improperly lobbying other EU regulators on behalf of Meta. The DPC said these claims were “baseless” and “utterly untrue”.
In her speech, Dixon gave an update on the current investigations into TikTok regarding the processing of children’s data and the transfer of data to China.
Dixon hinted that a decision on TikTok’s handling of children’s data would be coming this year. She also said that 2023 is expected to be a big year for GDPR enforcement.
However, Dixon said she was unable to speak too deeply on the investigations as they are “ongoing”.
German Free Democratic Party MEP Moritz Körner said he first raised concerns about TikTok in 2019 and was critical about the length of these investigations.
“It’s good to hear today that you are in the final stage of your investigation but more than four years have gone by,” Körner said.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.