The European Parliament on Thursday (May 20) voted in favor of a resolution calling on the European Commission to initiate violations against Ireland for failing to implement the General Data Protection Regulation (GDPR).
In the resolution of the Shrems II case, a landmark court decision “ Protective shield ‘ The framework for data sharing between the European Union and the United States has expressed disappointment that the Irish Data Protection Commission (DPC) wants to take fair action instead of making its own decisions in legal proceedings. The power to do.
The DPC also sought to impose legal costs on the accused, as a result. Huge defensive effect ”It discourages EU citizens from claiming their rights in court, MEPs said.
However, the real issue is that the Irish Data Protection Authority has not yet ruled on a number of privacy complaints filed since the GDPR came into effect in May 2018. ” The figures are staggering. ”, Said EURACTIV Activist Max Shrems, behind the court case.
The DPC reported tens of thousands of complaints last year, but none of these complaints have been formally resolved. During a recent parliamentary hearing, she publicly agreed that handling a complaint means dismissing it without investigation.
This means that the main path to enforcing your fundamental rights will be 100% failed in Ireland by 2020. If this is not the case then maybe it’s time for a change.He added.
Despite thousands of complaints, the DPC has only granted one permit for violating the GDPR. For members of the European Legislature, this inaction is against GDPR because Article 60’s competent authority must act. ” Without delay “. In addition, the resolution considers that the supervisory authorities have not taken adequate action against the DPC in accordance with the GDPR.
Most digital giants have European headquarters in Ireland due to the tax system. Therefore, DPC is the primary data protection authority for considering GDPR violations and privacy complaints against these tech companies. Critics say Ireland may be tempted to underestimate GDPR implementation because of the financial interests of large tech companies that remain in their territory.
The Irish agency is seen as part of a larger issue related to GDPR enforcement governance, with the Irish MEP Claire Dalik (left) and the CPD paying too much attention. ” We certainly believe that it is right to review the role of the Irish DPC, but its role is significant, but we do not believe that this will happen at the expense of reviewing the broader system across the board. ‘Europe and its shortcomings and failures’, She said EURACTIV.
Conflicts between the DPC and its rivals in other European countries have sometimes erupted in public. In March, the German Data Protection Authority criticized the DPC’s slowness in handling complaints. Helen Dixon, director of the Authority, justified the delay by pointing to a lack of resources. DPC’s budget has grown steadily in recent years, reaching 19.1 million euros in 2021.
« We have found that some of these resources have been made available and improvements have been made, but we believe that DPC’s resources can be increased again because the companies that regulate it have unlimited funds to fight disputes. ”, Miss Daly added.
Inadequate funding in Ireland and Luxembourg two years after the European Commission has already been mentioned in the GDPR review.
Didier Reinders, commissioner of justice and consumer rights, said on the occasion EURACTIV The European Commission will consider taking action against Ireland, stating that other steps will be taken first to ensure compliance with GDPR before formal formalities are initiated.
When asked what steps have been taken to ensure data protection compliance, a commission representative told EURACTIV “ Several steps have recently been taken in this direction [Comité européen de la protection des données], Especially to improve the procedures known as the one-stop-shop system. The Commission will continue to support the work of the Council and closely monitor its progress. “
“For the new GDPR governance system based on independent data protection authorities to work effectively, it is essential to develop trust and a European cooperative spirit,” he said, declining to comment on whether the European Commission was going to open up to infringing action. Against Ireland.
EURACTIV Contacted DPC for comment, without success.