Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Michael Traitov

Committee to hear criticisms and calls for reform of Data Protection Commission

An Oireachtas committee will discuss data protection law later this evening.

THE IRISH COUNCIL for Civil Liberties (ICCL) and others will today criticise and call for reform of Ireland’s Data Protection Commission (DPC).

The Joint Oireachtas Committee on Justice will this evening hear from the DPC, ICCL, Austrian privacy activist Max Schrems and solicitor Fred Logue in a discussion on the General Data Protection Regulation (GDPR). 

This regulation took effect in the EU in May 2018. It imposes fines on those who breach data privacy and security standards.

Dr Johnny Ryan, a senior fellow at the ICCL, will say in his opening statement to the committee that a “systematic infringement of fundamental rights go unchecked by the DPC”. 

He is expected to criticise the DPC’s slow resolution of cases and say it has left Ireland as the “bottleneck of GDPR investigation and enforcement against Google, Facebook, Microsoft and Apple”. 

Ryan is set to propose two “urgent” steps – first to appoint two new data protection commissioners and designate a DPC chair, and second to set up an independent review on DPC reform. 

“We must rebuild our DPC to protect us in the data age,” Ryan will say.

In its submission to the committee, the Data Protection Commission said it is “satisfied” that it has “instigated and progressed real and tangible outcomes for the stakeholders it serves”. 

It said the DPC is “still under-staffed” to deal with its task at hand. The submission said there are “certain pinch-points” in its operation such as lengthy resolutions for cases. 

It also said that “significant practical challenges remain” in developing a unified approach for sanctions under the GDPR across member states.

‘Unfounded’ criticisms

In her opening statement this evening, the Data Protection Commissioner Helen Dixon is due to welcome the committee’s engagement on the issue of the GDPR.

She will reject some of the claims made by other submissions to the committee and say they are made on “unfounded bases”. 

Solicitor Fred Logue, who works for a firm specialising in data protection and information law, also put forward a submission.

In this, he said delays are a serious issue with complaints sent to the DPC. 

He has raised questions about the complaints procedures and has recommended that all records held for or by the DPC should be subject to the rights of access under the 2014 Freedom of Information Act.

Privacy activist Max Schrems is also due to give an opening statement.

Dixon had previously refused to attend a European Parliament committee meeting if it meant answering questions alongside Schrems. 

The committee meeting will be held in two sessions, with Schrems and Logue in the first and the ICCL and DPC in the second. 

Schrems has been involved in legal proceedings against the DPC.

He is due to accuse the DPC of having an “extremely poor understanding of the material law provisions of the GDPR” and say that, from his experience, the office “makes about every procedural mistake you can think of”. 

He is expected to say that there is a need to reform the DPC’s procedures and to re-allocate funds from GDPR fines to “ensure that the DPC can litigate its cases”.

Solicitor Logue is also due to tell the committee that GDPR compliance, especially with access requests, is poor and that the regulation is “poorly understood by those tasked with implementing it in many organisations public and private”. 

He is expected to say that “few public authorities seem to be aware” of their data responsibilities under EU law.

He will add that the possibility of a DPC complaint “does not seem” to be something to motivate many data controllers to comply with their obligations under law. 

The committee meeting will begin at 6.30pm this evening.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
12 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds