Emily O’Reilly, European Ombudsman, recently sent a request to the European Commission asking it to look into the case of Ireland. Indeed, the country where many European vessels of large technology companies are based does not seem sufficiently proactive in the application of the GDPR.
Not much given prominence, the European Ombudsman has an independent role, and his mission is to ensure the proper administration of European institutions and bodies. In this case, if the European Commission does not sufficiently ensure the proper application of the GDPR in Ireland, the Ombudsmen and Mediators can hold it to account. They can do so on their own initiative, or that of an administration, person or company.
Apple hopes to end AirTag hijacking
Here, Emily O’Reilly follows a complaint from the Irish Council for Civil Liberties (CILC, or ICCL in English) received by the European Ombudsman at the end of 2021. For Johnny Ryan, member of the CILC, the Irish administration responsible for enforcing the GDPR, the Data Protection Commission (DPC), has already dismissed 98% of complaints received, a figure it disputes. He also explains that he contacted Didier Reynders, Commissioner for Justice, saying that the European Commission has a duty to ensure that the GDPR is applied.
In a letter sent to the President of the Commission, Ursula von der Leyen, and relayed on Twitter by Johnny Ryan, Emily O’Reilly explains that he ” agrees to ask the Commission to provide a detailed and comprehensive account of the information it has gathered so far to determine whether the GDPR is applied in all respects in Ireland. »
Tea @EUombudsman‘s letter to @vonderleyen today re our @ICCLtweet complaint that the Commission failed to monitor the application of the GDPR. @DReynders @EUOmbudsmanEOR pic.twitter.com/oDPLzefFYB
— Johnny Ryan (@johnnyryan) February 10, 2022
Especially since the practices of the Irish CNIL are already the subject of a complaint for corruption in Austria by the NGO Noyb. ” This is a regulator who clearly asks for ‘compensation’ to do their job, which is probably an act of corruption in Austria », Estimates the NGO. Its founder, lawyer Maximilian Schrems, known for his relentless defense of personal data, considers that ” the conduct of the DPC has finally crossed all the red lines. They deprive us of all our rights to due process unless we agree to shut up “.
A point to which Emily O’Reilly certainly refers in her press release, recalling that ” Public bodies, as well as civil society organisations, report that GDPR enforcement in Ireland is inadequate (…)”.
While Meta, Google, Microsoft, and many other behemoths have set up their European headquarters in Ireland, the implementation of the GDPR in 2018 revealed the important role it plays. The DPC has often disappointed in the past, but the popularization of the problem of data processing, as well as the pressure gradually exerted by the Member States, tend to make things happen. But that’s still not enough.