Ireland fails in tackling big tech privacy complaints

article thumbnail

The Irish Data Protection Commissioner has been criticized for not resolving the vast majority of privacy complaints against Apple and other tech companies, delaying rulings in other European Union countries.

As the European headquarters for Apple, Facebook, Google, Microsoft, and Twitter, Ireland has the responsibility to ensure the companies follow EU law, including GDPR. However, in cases of privacy abuse, Ireland's failure to investigate is impacting data protection cases by other regulators within the EU.

The lack of progress has been raised by numerous privacy campaigners and EU regulators, reports the Financial Times. Accusations include the Irish Council for Civil Liberties claiming that not only are most cases unresolved in Ireland, but Spain manages to produce 10 times more draft decisions, despite having a smaller budget.

In March, Germany's Federal Commissioner for Data Protection, criticized Ireland's "extremely slow case handling, which falls significantly behind the case handling progress of most EU and especially German supervisors."

As part of the complaint, Kelber revealed that Ireland was leading 196 data protection cases by the end of 2020, but had only concluded four of them. Meanwhile, Germany closed out 52 of its 176 cases.

"Worst bottleneck"

In the latest round of criticism, it is claimed that Ireland is dealing with 164 significant privacy abuse complaints, but 98% of them are unresolved.

As member states have to rely on the lead investigatory regulator in each case to complete a draft decision before continuing their own, many regulators attempting to look into tech giants like Apple and Google are stuck in limbo while Ireland fails to act.

"GDPR enforcement against Big Tech is paralyzed by Ireland's failure to deliver draft decisions on cross-border cases," said ICCL senior fellow Johnny Ryan, who also referred to Ireland as the "worst bottleneck" for GDPR enforcement.

While rules allow the European Data Protection Board has the ability to act against data protection watchdogs at a state level, its limited powers do not allow it to force a regulator into action in a meaningful way.

Officials say the Irish government has more control over the matter, in that it can force the regulator to investigate complaints. The EU can also theoretically open infringement proceedings against the Irish government for failing to produce adequate policies for privacy rules, including those relating to investigation.

The Irish regulatory authority didn't respond to a request to comment to the report.

Vast sums at play

While slow, Ireland has made a small amount of progress against WhatsApp, fining the Facebook-owned messaging service over its general privacy policies on September 2. The fine, valued at $257 million, is the highest that Ireland has imposed over GDPR regulations, and is the second-highest in Europe on the subject.

While there is no official accusation or reasoning behind Ireland's glacial progress in dealing with GDPR investigations, the knowledge that major multinationals chose to set up their headquarters in the country could be causing friction.

Ireland has attempted to fend off attempts to introduce a global tax plan, one that could weaken its status as a tax haven for big companies. It is also fighting against the European Union over Apple's $14.4 billion tax payment, in part triggered by Ireland's provision of tax breaks considered to be illegally low for many years.