75% of Irish data watchdog’s GDPR decisions since 2018 overruled – report

Three quarters of the Irish data watchdog’s GDPR decisions in EU-wide cases were overruled by European regulators, a report has found.

The report indicates that 75% of the Data Protection Commission’s decisions in cross-border investigations over a five-year period were overruled by the European Data Protection Board (EDPB).

The EDPB had demanded tougher enforcement action in these cases, the report by the Irish Council for Civil Liberties (ICCL) said, with only one other country in one other case overruled in such a manner.

The figures include final decisions from January 2023 that are not yet included in the EDPB register of final decisions, from which the figures are based.

The offices of the Data Protection Commission in Dublin
The DPC has been carrying out a review of its governance structures, staffing arrangements and processes (PA)

The report said that the DPC tends to use its discretion under Irish law to choose “amicable resolution” to conclude 83% of the cross-border complaints it receives, instead of using enforcement measures.

The ICCL report claims that Ireland remains “the bottleneck of enforcement” for major cross-border cases in Europe.

“When it does eventually do so, other European enforcers then routinely vote by majority to force it to take tougher enforcement action,” it said.

As Google, Meta, Apple, TikTok and Microsoft have headquarters in Ireland, the Data Protection Commission is the lead authority investigating data privacy complaints about tech giants in Europe.

Some 87% of cross-border GDPR complaints to Ireland’s DPC also involve the same eight companies: Meta, Google, Airbnb, Yahoo!, Twitter, Microsoft, Apple, and Tinder.

Meta’s headquarters in Dublin
The DPC is the lead authority investigating data privacy complaints about tech giants in Europe (PA)

The EDPB register of EU-level decisions shows there were 49 compliance orders issued over four and a half year years.

The report called on the European Commissioner for Justice Didier Reynders to “take serious action” to enforce GDPR laws across Europe.

Last summer, the Irish Government announced that two additional data protection commissioners would be hired, and that Helen Dixon would be promoted to chairwoman of the DPC – in an attempt to better resource the watchdog in recognition of its growing workload.

The DPC has been carrying out a review of its governance structures, staffing arrangements and processes since last summer.

– Advertisement –
– Advertisement –