Sir, – The article by Johnny Ryan, senior fellow at the Irish Council of Civil Liberties, fails to acknowledge an awkward truth about the Data Protection Commission (DPC): it is, by most important measures, Europe’s best performing data protection authority (“The Data Protection Commission is broken. Here is how to fix it”, Opinion & Analysis, September 1st).
Last year, the DPC issued more draft Article 60 decisions about major breaches of the EU General Data Protection Regulation (GDPR) than any other data protection authority in Europe; leads the bloc in both quantum of monetary fines imposed on draft decisions and the number of corrective measures enforced against online platforms; and has had its decisions approved by fellow data protection authorities around Europe in over 90 per cent of cases.
The European Court of Justice (ECJ) has never criticised the DPC’s performance. The statement referred to by Dr Ryan was not made by the ECJ but an advocate general offering an opinion to the court and in any case did not actually contain any criticism of the DPC. In fact, the advocate general said that the GDPR, and its implementation and enforcement, is in its infancy and criticised those who were prematurely seeking to undermine the regulation with speculation about its under-enforcement.
Moreover, the European Commissioner for Justice, Didier Reynders, stated earlier this year that, despite diligent monitoring, the European Commission has “not so far identified issues with the Irish data protection rules or have evidence that these rules have not been respected”.
Tony O’Reilly, Nell McCafferty, Ian Bailey and more: 50 people who died in 2024
Changing career midlife: ‘At 45 I thought I was finished... But it didn’t even occur to me that I could do anything else’
Restaurant of the year, best value and Michelin predictions: Our reviewer’s top picks of 2024
Women are far more likely to re-gift unwanted presents than men
And what of Dr Ryan’s suggestion that Ireland has lost its opportunity to be the principal EU regulator under the Digital Services Act? This regulation was never intended to operate in an identical manner to the GDPR and, quite contrary to suggestions, the Act provides an outsized role for Ireland in a form of one-stop-shop within its enforcement framework, further elevating Ireland’s position as Europe’s most important hub for digital regulation.
The DPC, like all public bodies, can and must continue to evolve in the discharge of its responsibilities. Scrutiny can help us shine a crucial light on where improvements are most needed, but to be genuinely useful it must acknowledge our achievements too, no matter how awkward that proves for our critics. – Yours, etc,
GRAHAM DOYLE,
Deputy Commissioner
and Head of
Communications,
Irish Data Protection
Commission,
Dublin 2.