January 23, 2022

Volume XII, Number 23

Advertisement
Advertisement

January 21, 2022

Subscribe to Latest Legal News and Analysis

January 20, 2022

Subscribe to Latest Legal News and Analysis

European Commission Defends Irish Data Protection Commissioner

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”).

Background

On December 6, 2021, the concerned MEPs sent a letter to Commissioner Reynders to raise concerns about how the DPC enforces the EU General Data Protection (“GDPR”) and applies the GDPR’s cooperation mechanism. The MEPs asked Commissioner Reynders to initiate infringement proceedings against the DPC.

As the lead data protection authority (“DPA”) for various Big Tech companies that have their EU headquarters in Ireland, the DPC has been subject to criticism from various angles over the past years.

Commissioner Reynders’ Response

In his response, Commissioner Reynders defended the DPC against the criticism and stated, among other things, that:

  • It is too early to come to definitive conclusions as to the efficiency and functioning of the GDPR cooperation mechanism.

  • The European Commission is taking appropriate actions to monitor the application of the GDPR in EU Member States. As an example, Commissioner Reynders mentioned the ongoing infringement proceedings against the Belgian DPA in connection with its alleged lack of independence.

  • There is no evidence that the Irish data protection rules have not been respected by the DPC and that the cooperation mechanism has not been applied correctly. Commissioner Reynders referred to the €225 million fine issued against WhatsApp as an example of the DPC’s action to enforce the GDPR. He further reminds the MEPs that not all investigations carried out by DPAs lead to a decision (e.g., the complaint may be withdrawn by the data subject or closed by the DPA). According to the Commissioner, this may explain the low statistics, which the MEPs used in their letter to demonstrate the DPC’s inaction.

  • Despite being requested to do so by the MEPs, the European Commission is not competent to comment on or launch infringement proceedings against a DPA for the views it expressed on a specific topic (i.e., the question of which data can be processed on the basis of contract in an online context in this case) in the context of discussions at the European Data Protection Board.

Read the full letter.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 13
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement