EU Ombudsman opens inquiry into GDPR monitoring in Ireland

11 Feb 2022

Emily O'Reilly. Image: European Union 2013/European Parliament

The inquiry comes after an ICCL complaint against the EU Commission for neglecting its duty to act on Ireland’s ‘failure to properly apply’ GDPR.

EU Ombudsman Emily O’Reilly has opened an inquiry into the European Commission’s monitoring of how data protection rules are applied in Ireland.

The inquiry comes after the Irish Council of Civil Liberties (ICCL) lodged a complaint with O’Reilly alleging that the Commission had failed to properly monitor the application of GDPR in the country.

Future Human

In a letter to Commission president Ursula von der Leyen yesterday (10 February), O’Reilly said that the inquiry is about “whether the Commission has taken adequate steps to collect sufficient information about the facts”.

In November, ICCL senior fellow Johnny Ryan lodged a formal complaint with O’Reilly, claiming that the Commission has also neglected its duty to act on Ireland’s “failure to properly apply” GDPR.

GDPR came into effect in May 2018 and gives data regulators the power to fine companies up to 4pc of their global turnover or €20m, whichever is greater, for violating Europe’s data protection rules.

The ICCL has long been critical of the Irish Data Protection Commission (DPC) over how it has been handling GDPR complaints against Big Tech companies such as Meta, Google and Apple. The DPC acts as the EU’s lead data supervisor for several major US tech players that have European headquarters in Ireland.

Ryan told an Oireachtas committee last year that Ireland had become a “bottleneck of GDPR investigation and enforcement” and the Irish DPC has failed to resolve 98pc of cases important enough to be of concern across the EU – a claim disputed by the DPC.

The Ombudsman wants the Commission to look at the ICCL complaint because “questions are bound to arise in the minds of citizens if different factual accounts circulate regarding the implementation of this important legislation”.

“Public bodies, along with civil society organisation, report that the application of the GDPR in Ireland is inadequate, whereas the Commission’s recent reply to the complainant in this case appears to suggest that there is no evidence of this,” O’Reilly wrote.

The Ombudsman has asked the Commission to provide a “detailed and comprehensive” account of the information that it has collected so far around whether the GDPR is applied “in all respects” in Ireland.

The Commission also must provide explanations of how and from what sources it gathers the information, and the deadline to respond is 15 May.

Emily O’Reilly at the European Parliament in 2013. Image: European Union 2013/European Parliament (CC BY-NC-ND 2.0)

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com