The EU is planning a major GDPR law that could impact Irish DPC

22 Feb 2023

Ursula von der Leyen, president of the European Commission. Image: Etienne Ansotte/European Union

Expected before the summer, the proposals will seek to streamline cross-border cooperation in enforcing GDPR within the EU.

The European Commission is set to propose a new law that will attempt to significantly improve cooperation between different EU member states on privacy regulation and the GDPR.

Adopted in 2016, the General Data Protection Regulation (GDPR) has been a poster child of the EU’s success in getting global technology companies to fall in line with privacy regulation aimed at respecting people’s personal data.

However, many privacy watchdogs in EU member states, known as data protection commissions, have become weary of how the GDPR is enforced. Specifically, Ireland’s Data Protection Commission has been criticised for, among other reasons, its clemency towards Big Tech.

The Irish DPC holds a special place in GDPR regulation and enforcement in the EU by virtue of the fact that many global tech giants, including Meta, Google and Apple, have their European headquarters here. This gives it the right to oversee most GDPR violation cases in the continent.

Now, a proposed law currently being drafted by the Commission seeks to change the status quo.

“This initiative will streamline cooperation between national data protection authorities when enforcing the General Data Protection Regulation in cross-border cases,” the Commission wrote on its website recently.

“To this end, it will harmonise some aspects of the administrative procedure the national data protection authorities apply in cross-border cases. This will support a smooth functioning of the GDPR cooperation and dispute resolution mechanisms.”

After an upcoming call for evidence, the Commission will propose the new regulation in the second quarter of the year, between April and June.

This could have many implications for both Ireland’s DPC as well as the Big Tech companies headquartered in the country.

A delegation of MEPs visiting Dublin last September called for an independent review of the Irish DPC. Spanish MEP Maite Pagazaurtundúa said the delegation “remains concerned by the Irish data protection authority being a bottleneck of the one-stop-shop mechanism”.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic