EU moves to monitor Big Tech GDPR cases more closely

1 Feb 2023

Image: © doganmesut/Stock.adobe.com

ICCL senior fellow Dr Johnny Ryan said the new measures herald the beginning of ‘true enforcement’ of the GDPR in the EU.

The European Commission plans to bring in new measures to keep a closer eye on large-scale GDPR investigations.

In a document shared by the Irish Council for Civil Liberties (ICCL), the commission said it will request detailed case information from national data protection authorities every two months. This is being done to keep a closer eye on large, cross-border investigations.

The commission also said it will provide account of its practice of receiving this information from the national supervisory data protection authorities, indicating the specific kinds of data received.

The detail being requested every two months includes a summary of the investigation’s scope, the GDPR provisions that are at issue, which data watchdogs are concerned, the procedural steps taken so far and the dates these actions occurred.

Complaints on GDPR monitoring

The decision follows roughly a year-long inquiry into claims the commission had failed to adequately monitor the application of EU data protection rules in the country. This complaint was issued by the ICCL.

The Irish organisation sent a complaint to the EU Ombudsman Dr Emily O’Reilly, which concluded last December after she suggested improvements on how the commission monitors GDPR cases.

O’Reilly looked at correspondence between Ireland’s Data Protection Commission (DPC) and the European Commission, as the DPC acts as the EU’s lead supervisor under GDPR rules for several major US tech players that have European headquarters in Ireland.

The data watchdog has faced criticism over how it has handled GDPR complaints against big tech companies.

The updated measures appear to stem from the EU Ombudsman’s recommendations, such as pre-determined fields that can be filled by data watchdogs on specific cases.

ICCL senior fellow Dr Johnny Ryan said the new commitment should “transform” data and digital enforcement in Europe.

“Previously, big cases lay dormant for years,” Ryan said. “Now, we should see acceleration in investigation and enforcement, and it will be clear where the European Commission needs to take swift action against member states that fail to apply the GDPR.

“This heralds the beginning of true enforcement of the GDPR, and of serious European enforcement against big tech.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com