Data Protection Commissioner Helen Dixon has defended her record of enforcing EU data privacy laws, saying Ireland must defend the regulator and the results it has achieved so far .
Speaking on the publication of the watchdog’s 2021 annual report, Ms Dixon said “very damaging” profiles on Ireland’s data protection regime had been written over the years.
She said the misinformation has been “amplified” by commentators who “have no knowledge” of the work she has done, fines imposed, ongoing cases or litigation she has engaged in.
It was a problem for Ireland and a problem for the DPC, she said.
“More needs to be done for Ireland to defend the increasingly well-funded scheme it has put in place with significant capacity and results to show.”
The regulator has been criticized for the pace and scale of big tech investigations since the entry into force in 2018 of EU data protection rules – General Data Protection Regulation – which have made the commission the EU regulator for large multinational tech companies based in Ireland.
The DPC invited Facebook whistleblower Frances Haugen to a meeting to explain her work and “the specifics of the legal framework in which we regulate” after calling for an independent review of the regulator during an appearance before the media committee of Oireachtas.
In a potentially significant decision for Big Tech companies operating across the Atlantic, the DPC is expected to order Facebook owner Meta to suspend data transfers to the United States, which has prompted threats from the part of the social media giant to withdraw its websites from Europe.
Ms Dixon said she could not comment on the planned move as it was “only an interim view” as she invited other EU regulators to comment on the matter.
At the end of last year, the commission had 81 statutory investigations underway, including 30 cross-border ones into tech companies such as Google, Facebook, Twitter and LinkedIn.
Four draft decisions on Big Tech investigations were circulated to other EU data protection authorities in 2021: three on Facebook and one on WhatsApp, also owned by Meta.
The WhatsApp decision led to 225 million euros, the highest imposed by the Irish regulator. The messaging app is challenging the decision in Irish and European courts.
Ms Dixon said two EU regulators had filed objections to the DPC’s decision on an investigation into 12 data breaches at Meta/Facebook, but she had reached consensus with those two regulators in the section 60 process when consulting with other regulators.
“This one will end and finalize very soon,” she said.
Two other rulings drew objections from 10 other EU regulators – one over an investigation into Meta’s Instagram unit regarding the processing of children’s personal data – and six other authorities over another investigation on Facebook following a complaint received from NOYB, the digital rights organization. founded by Austrian privacy activist Max Schrems.
Ms Dixon said the DPC may not be able to reach consensus with other regulators on these cases, and that it was “likely” that this would lead to the Article 65 dispute resolution mechanism.
She said the commission plans to recruit another 70 people this year, in addition to the 195 people employed at the end of last year, and will seek to increase staff again beyond that, in addition to seeking a budget. more important, above the €23 million additional budget allocated for 2022.
“We will seek to have more budget because there is so much more to do. There is a demand for things to be done faster and for more things to be done at the same time in terms of regulation. There is enormous interest and scrutiny of data protection regulations,” she said.
Get the latest business news and commentaryREGISTER HERE