Sir, – The article by Johnny Ryan, senior fellow at the Irish Council of Civil Liberties, fails to acknowledge an awkward truth about the Data Protection Commission (DPC): it is, by most important measures, Europe’s best performing data protection authority (“The Data Protection Commission is broken. Here is how to fix it”, Opinion & Analysis, September 1st).
Last year, the DPC issued more draft Article 60 decisions about major breaches of the EU General Data Protection Regulation (GDPR) than any other data protection authority in Europe; leads the bloc in both quantum of monetary fines imposed on draft decisions and the number of corrective measures enforced against online platforms; and has had its decisions approved by fellow data protection authorities around Europe in over 90 per cent of cases.
The European Court of Justice (ECJ) has never criticised the DPC’s performance. The statement referred to by Dr Ryan was not made by the ECJ but an advocate general offering an opinion to the court and in any case did not actually contain any criticism of the DPC. In fact, the advocate general said that the GDPR, and its implementation and enforcement, is in its infancy and criticised those who were prematurely seeking to undermine the regulation with speculation about its under-enforcement.
Moreover, the European Commissioner for Justice, Didier Reynders, stated earlier this year that, despite diligent monitoring, the European Commission has “not so far identified issues with the Irish data protection rules or have evidence that these rules have not been respected”.
An Irish businessman in Singapore: ‘You’ll get a year in jail if you are in a drunken brawl, so people don’t step out of line’
Goodbye to the 46A: End of legendary Dublin bus route made famous in song
Paul Mescal’s response to meeting King Charles was a masterclass in diplomacy
Protestants in Ireland: ‘We’ve gone after the young generations. We’ve listened and changed how we do things’
And what of Dr Ryan’s suggestion that Ireland has lost its opportunity to be the principal EU regulator under the Digital Services Act? This regulation was never intended to operate in an identical manner to the GDPR and, quite contrary to suggestions, the Act provides an outsized role for Ireland in a form of one-stop-shop within its enforcement framework, further elevating Ireland’s position as Europe’s most important hub for digital regulation.
The DPC, like all public bodies, can and must continue to evolve in the discharge of its responsibilities. Scrutiny can help us shine a crucial light on where improvements are most needed, but to be genuinely useful it must acknowledge our achievements too, no matter how awkward that proves for our critics. – Yours, etc,
GRAHAM DOYLE,
Deputy Commissioner
and Head of
Communications,
Irish Data Protection
Commission,
Dublin 2.