8pm Dublin time (9pm CET), Monday 29 November 2021
The Irish Council for Civil Liberties (ICCL) has launched a formal complaint against the European Commission before the European Ombudsman. This complaint has two components.
- First, the European Commission has failed to properly monitor the application of the General Data Protection Regulation (GDPR). ICCL has found that the European Commission has not gathered the data to be able to determine whether the GDPR is being properly applied. The European Commission has the duty to properly monitor how Member States apply EU law under Article 17(1) of the Treaty on European Union.
- Second, the European Commission has neglected to act against Ireland’s failure to properly apply the GDPR . In September ICCL revealed that 98% of Ireland's major cases of EU-wide significance ("cross-border” cases) remain unresolved. As a result, EU enforcement against Google, Facebook, Microsoft, Apple, and other Big Tech is paralysed by Ireland’s failure to deliver draft decisions on cross-border cases. The Commission, as the guardian of the treaties, is responsible for ensuring that Member States uphold EU law. Article 258 of the Treaty on the Functioning of the European Union gives the European Commission the power to take Member States that fail to do so to the European Court of Justice.
“Not only did the Commission fail to act, but it did not even equip itself with the knowledge required to make the decision to act”, said Dr Johnny Ryan, Senior Fellow of the ICCL. “The Commission has taken its eye off the ball, and the GDPR is now in disarray. It must now steer us out of the privacy crisis.”
ICCL’s complaint follows correspondence from ICCL to European Commissioner for Justice Didier Reynders, and an ICCL report on the deficiencies of GDPR enforcement against Big Tech that led to headlines across the bloc in September.
Ireland is the “lead supervisory authority” under the GDPR for Big Tech firms who have their European headquarters in Ireland. No other enforcer in the EU can intervene if the Irish Data Protection Commission asserts its lead role in cases against big tech firms headquartered in Ireland. Ireland’s failure to uphold the GDPR therefore exposes the entire Union to hazard.
The European Ombudsman has the power to investigate, and to make a finding of maladministration against European Commissioner for Justice Didier Reynders.
ICCL has repeatedly alerted the Irish Government about its responsibilities, and has testified on this point at the Oireachtas (Irish Parliament & Senate) Justice Committee and at the European Parliament. Ireland must urgently launch an independent review of how to strengthen and reform the Data Protection Commission, and reform the leadership of the Data Protection Commission with the appointment of two additional commissioners and selection of a chairperson.
NOTES
- In September, ICCL’s report “Europe’s Enforcement Paralysis” led to headlines in Le Monde, The Financial Times, Frankfurter Allgemeine Zeitung, El Pais, Corriere Della Sera, Les Echoes, and other European press. https://www.iccl.ie/digital-data/2021-gdpr-report/
- See the full text of ICCL’s complaint to the European Ombudsman at https://www.iccl.ie/wp-content/uploads/2021/11/REDACTED-EOWEB36591-New-complaint-from-johnnyryanicclie-copy.pdf