Reform of Irish data regulator would be counterproductive, its chief says

Data protection enforcement against Big Tech companies wouldn't be quicker if the Irish data protection agency was reformed, the its chief has said.

Helen Dixon, the head of the Irish Data Protection Commission, or DPC, told MLex earlier this week that a proposal by an Irish parliamentary committee to have the authority headed up by three commissioners rather than one would slow down the regulatory process.

The authority has faced criticism from other European regulators, domestic and EU lawmakers, and privacy campaigners for perceived slow enforcement against Big Tech companies, leading to proposals such as adding new commissioners and broader reform.

But Dixon said there have been “unrealistic expectations” about how long a “large scale inquiry against a big Internet platform where the end result may be very significant sanctions” can take. “You simply must follow fair procedures if you want to make it stick,” she said.

While acknowledging that it is ultimately the government’s decision, Dixon argued that adding two new commissioners would further bog down the enforcement process. Such a reform would “create an organization … that has three heads, and that undoubtedly would slow processes down internally.”

Dixon also said the DPC has already made significant progress in enforcing against large Internet companies. Its latest annual report listed more than 20 open cross-border investigations into large technology companies, including several cases against Meta that are wrapping up.

Keeping pace

She also pushed back on accusations that her authority has lagged behind its European peers. “I haven't seen a [data protection authority] that can produce the results we’ve produced any quicker,” she said.

She didn't name other agencies, but said: “We're open to learn. If you can demonstrate how there's a quicker way to deliver on fair procedures, analyze very novel applications of a very new law to technologies that haven't had the application of the law tested against them yet. If there's a way of doing that [quickly], we're absolutely open to it.”

The DPC’s annual report, released today, shows that the German data protection authorities objected the most often to the DPC’s pan-EU decisions, followed by Poland and Italy. The decision with the most objections, according to the report, is a case involving Meta’s legal basis to process data. It garnered significant attention when Noyb, the campaign group which brought the original complaint, published the draft decision last year.

The report also revealed that the DPC hasn't objected to any decisions made by other regulators where it had the opportunity to do so. It also claimed that the mechanism for dealing with cross-border GDPR cases, known as the one-stop-shop, has achieved only one of its three goals. It has failed to create a harmonized interpretation or consistent application of the EU's data protection rules, the report read.