EU Ombudsman urges close monitoring of Ireland’s Big Tech GDPR cases

21 Dec 2022

EU Ombudsman Dr Emily O'Reilly in 2019. Image: CEU / Zoltan Tuba (Kepszerkesztoseg) (CC BY-NC-ND 2.0)

The decision concludes a year-long inquiry into claims that the European Commission had failed to adequately monitor how data protection rules are applied in Ireland.

The EU Ombudsman has suggested improvements into how the European Commission monitors Ireland’s handling of GDPR cases.

It follows a nearly year-long inquiry into claims the Commission had failed to adequately monitor the application of EU data protection rules in the country. This complaint came from the Irish Council for Civil Liberties (ICCL).

The Irish Data Protection Commission (DPC) acts as the EU’s lead supervisor under GDPR rules for several major US tech players that have European headquarters in Ireland, including Meta, Google, TikTok and Twitter.

But the data watchdog has faced criticism over how it has been handling GDPR complaints against Big Tech.

In her investigation, EU Ombudsman Dr Emily O’Reilly found that the European Commission receives a bi-monthly update from the Irish DPC on how it handles these cases.

O’Reilly concluded that these updates were an “encouraging example of a specific targeted monitoring measure” and that it is appropriate and in line with good administration.

However, the ICCL said that there was no regular reporting before the launch of its complaint and the inquiry by the Ombudsman.

In October, ICCL senior fellow Johnny Ryan criticised the European Commission and claimed it had “produced little to indicate that it has diligently monitored Ireland’s application of the GDPR”.

O’Reilly said that in the absence of this bi-monthly update, she would have had serious doubts as to “the adequacy of the information that the European Commission relies on”.

She suggested improvements to these regular overviews, such as a table with a series of pre-determined fields that could be filled by the Irish DPC on specific cases.

“Whenever individual cases have given rise to own initiative investigations, this too should be noted for the individual cases, together with a reference to the own initiative investigation so as to allow the European Commission to monitor how the individual cases were processed,” O’Reilly said.

Following a three-day visit to Dublin in September, a delegation of MEPs called for an independent review of Ireland’s DPC over concerns that it has become a “bottleneck” of GDPR enforcement.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

EU Ombudsman Dr Emily O’Reilly in 2019. Image: CEU/Zoltan Tuba (Kepszerkesztoseg) via Flickr (CC BY-NC-ND 2.0)

Leigh Mc Gowran is a journalist with Silicon Republic