We’re available from 9 am to 6 pm on weekdays. Contact Us.
Lack of GDPR enforcement: Complaint against EU Commission initiated

The Irish Council for Civil Liberties (ICCL) has launched a formal complaint against the European Commission before the European Ombudsman.

This complaint has two components, explains ICCL in a press release.

–First, according to ICCL, the European Commission has failed to properly monitor the application of the General Data Protection Regulation (GDPR). ICCL has found that the European Commission has not gathered the data to be able to determine whether the GDPR is being properly applied. The European Commission has the duty to properly monitor how Member States apply EU law under Article 17(1) of the Treaty on European Union.

–Second, the European Commission has neglected to act against Ireland’s failure to properly apply the GDPR. In September ICCL revealed that 98% of Ireland's major cases of EU-wide significance ("cross-border” cases) remain unresolved. As a result, EU enforcement against Google, Facebook, Microsoft, Apple, and other Big Tech is paralysed by Ireland’s failure to deliver draft decisions on cross-border cases. The Commission, as the guardian of the treaties, is responsible for ensuring that Member States uphold EU law. Article 258 of the Treaty on the Functioning of the European Union gives the European Commission the power to take Member States that fail to do so to the European Court of Justice.

“Not only did the Commission fail to act, but it did not even equip itself with the knowledge required to make the decision to act”, said Dr Johnny Ryan, Senior Fellow of the ICCL. “The Commission has taken its eye off the ball, and the GDPR is now in disarray. It must now steer us out of the privacy crisis.”

ICCL’s complaint follows correspondence from ICCL to European Commissioner for Justice Didier Reynders, and an ICCL report on the deficiencies of GDPR enforcement against Big Tech that led to headlines across the bloc  in September.

Ireland is the “lead supervisory authority” under the GDPR for Big Tech firms who have their European headquarters in Ireland. No other enforcer in the EU can intervene if the Irish Data Protection Commission asserts its lead role in cases against big tech firms headquartered in Ireland. Ireland’s failure to uphold the GDPR therefore exposes the entire Union to hazard.

The European Ombudsman has the power to investigate, and to make a finding of maladministration against European Commissioner for Justice Didier Reynders.

Source: ICCL