On the eve of GDPR’s third anniversary, MEPs are ratcheting up the pressure on the Irish data regulator to get its finger out, amid widespread criticism over the organisation’s enforcement record.
The European Parliament has adopted a resolution calling on the European Commission to start infringement procedures against the Irish Data Protection Commission; it was adopted by 541 votes, with only one vote against and 151 abstentions.
The resolution states that the European Parliament “expresses deep concern that several complaints against breaches of the GDPR filed on May 25 2018, the day the GDPR became applicable, and other complaints from privacy organisations and consumer groups, have not yet been decided by the Irish DPC, which is the lead authority for these cases”.
It further highlighted that it “is concerned that the DPC interprets ‘without delay’ in Article 60(3) of the GDPR – contrary to the legislators’ intention – as longer than a matter of months”.
The MEPs also called on other data protection authorities in the EU to “take proactive steps under Article 61 and 66 of the GDPR to force the Irish DPC to comply with its obligations under the GDPR”.
The move is likely to pile even more pressure on the Irish DPC, which has long been criticised by both privacy groups and other EU data protection authorities (DPAs) for a perceived go-slow in tackling GDPR investigations.
At the last count, the Irish DPC had over 60 official investigations under way, with over more than two dozen statutory GDPR inquiries into multinational tech giants. Over half relate to Facebook and its WhatsApp and Instagram subsidiaries. It also has three probes into Apple, and one each into LinkedIn, Quantcast, Verizon and Tinder.
Its recent ruling against Twitter, which saw the tech giant receive a €450,000 (£410,000) fine for data breach failings, caused a rift with a number of EU DPAs who argued that it was not severe enough.
Data protection experts are awaiting a decision on the its latest ruling – against WhatsApp – which, like the Twitter decision, has to be approved by the other EU DPAs as it is a cross-border case.
Related stories
Irish GDPR investigations ‘hampered by ancient tech’
EU regulators mull €50m Irish GDPR fine for WhatsApp
Exposed: Row over ‘paltry’ Twitter fine threatens GDPR
Twitter fined just €450,000 in first major Irish ruling
Irish data regulator ‘go-slow’ triggers judicial review
The end is nigh: EU chiefs finally sanction Twitter fine
ICO and Irish DPC ‘among the worst GDPR enforcers’
Irish data regulator issues first GDPR ruling in two years
EU chiefs force review of Irish draft GDPR Twitter ruling
Irish data chief hits back over GDPR ‘soft touch’ claims