Written Question: Irish Data Protection Commissioner and GDPR complaints

(Source: European Parliament)

Date Submitted: 14 May 2021

Question for written answer E-002629/2021

to the Commission

Rule 138

Marco Campomenosi (ID), Alessandra Basso (ID)

Subject: Irish Data Protection Commissioner and GDPR complaints

In the past year, the Irish Data Protection Commissioner has not issued decisions on 99.93 % of the complaints brought against big-tech companies, despite being the lead authority with competence for this vis-à-vis several US technology giants whose European headquarters are in Ireland(1).

The Irish Data Protection Commission, which has repeatedly been criticised for its ‘delayed response’ in implementing Regulation (EU) 2016/679, has stated before the Committee on Justice of the Irish Parliament that it is not obliged to produce a decision on complaints involving breaches of personal data rules.

The Commissioner justified this approach by saying that ‘handling complaints’ did not mean having to take formal decisions, despite the fact that under the GDPR complainants can take their case to court when the competent supervisory authority does not pursue a complaint or fails to act when necessary.

In view of the above:

Has the Commission verified whether this approach complies with the provisions of Chapter VII, Section 1 of Regulation (EU) 2016/679? Does it consider the current rules on cooperation between supervisory authorities (lead and stakeholders) in cases involving large online platforms to be adequate and effective?

Does it not feel that the one-stop-shop mechanism, which awards a deciding role to the country concerned, is open to abuse by large multinationals?

(1)       ‘Irish DPC ‘handles’ 99.93 % of GDPR complaints, without decision?’ (noyb.eu)

%d bloggers like this: