The Data Protection Commissioner said it was ‘a year of strong regulatory results’ but ‘higher standards’ are needed in many sectors.
Ireland’s Data Protection Commissioner has defended the track record of the Data Protection Commission (DPC) in enforcing GDPR, amid criticism from politicians and privacy advocates about the Irish watchdog’s ability to hold Big Tech accountable.
As the DPC’s annual report for 2021 was published today (24 February), Helen Dixon called it “a year of strong regulatory results” but also acknowledged that there is room for improvement.
“It is clear that ‘data controllers’ in Ireland continue to improve their compliance efforts, but higher standards of responsiveness to individuals seeking to exercise their rights are still needed in many sectors,” she said in a statement. “The DPC will continue to target enforcement actions aimed at driving those necessary improvements.”
As well as being the national data watchdog, the DPC acts as the EU’s lead data supervisor under GDPR for several major tech players that have European headquarters in Ireland, including Apple, Facebook, Google, LinkedIn, TikTok and Twitter.
Dixon defends DPC
According to the report, the DPC experienced a 7pc increase in the number of queries and complaints it received last year compared to 2020. It received 3,419 new complaints and concluded a total of 3,564 complaints, including some received before 2021.
It also received 6,549 valid breach notifications last year, and concluded 95pc of total recorded breach cases.
The DPC concluded five large-scale inquiries in 2021. This included a GDPR investigation into Meta-owned WhatsApp, which concluded in a €225m fine slammed on the messaging app in September.
But the DPC also faced a lot of criticism during the year. In the report, Dixon wrote that certain allegations levelled against the watchdog “serve only to obscure the true nature and extent of the challenges presented by the particular framework by which the EU member states are bound to legislate for the enforcement of data protection within the EU as a whole”.
Speaking to The Irish Times, Dixon added that “very damaging” profiles of Ireland’s data protection efforts had been written over the years, with misinformation “amplified” by commentators who “have no knowledge” of the work done by the DPC.
Taoiseach Micheál Martin, TD, made similar comments earlier this week in Berlin. He said Dixon is “well up to the mark” and that Ireland should be “more robust” in her defence, accusing her critics of acting in “their own interests”.
The DPC has faced criticism in recent years for its handling of GDPR complaints against Big Tech companies in Ireland.
Dr Johnny Ryan, senior fellow at the Irish Council for Civil Liberties, told an Oireachtas Joint Committee on Justice last April that the DPC had failed to resolve 98pc of cases important enough to be of concern across the EU and that the country had become a “bottleneck of GDPR investigation and enforcement”.
A senior European Commission official warned later in the year that the EU’s privacy rules may need to change, with more power put in the hands of EU institutions, if enforcement is not effective.
The DPC was then accused by Austrian privacy campaigner Max Schrems of improperly lobbying other EU regulators to allow Facebook to bypass user consent requirements for ad-related data collection. But the Irish data watchdog said the claims were “utterly untrue”.
At a Joint Oireachtas Committee meeting yesterday (23 February), Facebook whistleblower Frances Haugen called for a review of the DPC and claimed the Irish regulator is “widely considered” to have stepped back in its responsibilities in enforcing GDPR.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.