Long-standing tensions over Irish regulation of Big Tech have broken out in public after German officials attacked the Irish data protection commission for failing to enforce GDPR.
As Google, Facebook, Microsoft and Twitter have their EU headquarters in Dublin, Ireland is responsible for complying with the GDPR, the privacy rules that came into effect in May 2018.
But since then, the Irish regulator has been heavily criticized for its lack of teeth, having imposed just one € 450,000 fine on Twitter in December 2020.
On Wednesday, Ulrich Kelber, Germany’s leading data protection watchdog, wrote to MEPs complaining that Germany alone had “sent more than 50 complaints about WhatsApp” to the Irish authorities, “none of which had been reported to date. Closed”.
He also criticized the “extremely slow handling of cases, which lags significantly behind the progress of the handling of cases of most EU and especially German supervisors”. He noted that Ireland was leading 196 cases at the end of last year, but had only completed four, while Germany had closed 52 of the 176 cases.
Kelber responded to a letter from Helen Dixon, his Irish counterpart, defending her country’s reputation before the European Parliament pending a resolution naming and shaming Ireland and Luxembourg, where Amazon has its EU headquarters, for their weaknesses. enforcement performance.
The European Parliament’s Civil Liberties Committee voted this week to flag Ireland for its apparent ‘passivity’ to address the lack of resources from data protection authorities ”.
Ahead of the vote, Dixon wrote that the German sanctions privacy watchdog had been overruled by the courts in fines he handed out. “None of this is intended to be a criticism of the approach of the German supervisory authorities with regard to sanctions. However, it illustrates that everyone experiences challenges [privacy watchdogs] in their dealing with a new legal framework, ”she wrote.
Her comments seemed to have irritated her German colleagues. Kelber accused Dixon of making statements that “reflect her personal views in a very one-sided way” and “leaving her isolated in the circle of European data protection supervisory authorities”.
In her letter, Dixon also said that other than the Irish authority, no other country had taken action to address the changes after a data-sharing agreement between the US and the EU was revoked by Europe’s highest court last year.
“This statement from Ms. Dixon is just plain wrong,” wrote Kelber, explaining how shortly after the ruling, the German authority took swift action and continues to actively work with companies about its consequences.
This is not the first time the Irish privacy watchdog has been criticized for not taking enough action against Big Tech. France, Spain, Italy and others have also expressed concern.
Against this backdrop, France has aggressively lobbied for every member state to have the right to enforce privacy rules, pending a major overhaul of the bloc’s technical rules.
The Irish and German privacy watchdogs did not immediately respond to requests for comment.