Ireland DPC defends its track record as an enforcer

At a hearing yesterday before the Joint Committee on Justice of the Irish Parliament, Ireland’s Data Protection Commissioner (DPC), Helen Dixon, faced questions from MPs and the privacy activist Max Schrems.

Referring to criticism from EU DPAs, and looking back to 2012 when the EU Commission proposed the GDPR, she said: “The same Data Protection Authorities that are criticising Ireland and the One-Stop-Shop now, are the same that were on record rejecting the concept of the One-Stop-Shop it is no surprise that there is a political element to the criticisms that are being made."

She said that there have been many criticisms that are totally inaccurate and do not reflect the work that her office does, but create headlines. She said that the European Parliament’s LIBE committee had not properly engaged with the DPC before coming to its conclusions – it has called for infringement proceedings against the DPC for GDPR enforcement failures.

Earlier this week, Dixon took part in a conference discussion about the One-Stop-Shop. While some ideas were flagged about how to make the process function better, Wojciech Wiewiórowski, European Data Protection Supervisor (EDPS) raised the question of who should be the referee when there are problems between the DPAs. While the EDPS provides the secretariat and the EU Commission takes part in the meetings of the European Data Protection Board, neither can act as a backstop in disputes.

Under the previous law, Ireland was obliged to investigate every complaint. Now, with the risk-based approach under the 2018 law there is no obligation for the DPC to produce a decision in every complaint – instead of a formal decision the office may use mediation to come to an amicable solution, Dixon said.

On 23 April, the DPC issued its Draft Regulatory Strategy for 2021-2026 for public consultation until 30 June 2021.