Irish DPC openly acknowledges: It does not decide about GDPR complaints. At least 99.93% see no decision, despite €19.1 million funding.
In a rather astonishing hearing before the Joint Committee on Justice of the Irish Parliament, the Irish Data Protection Commissioner (DPC), Helen Dixon, acknowledged for the first time publicly what many suspected: The Irish Regulator does not decide on citizens’ complaints - in violation of EU law. In addition, the DPC accused critics of “complete inaccuracies”, largely without specifying the inaccuracies. She also accused other Data Protection Authorities of political reasons to criticize her office.
The two hour hearing (full video 1, video 2 and video 3) before the Joint Committee on Justice was split into two sessions, with Max Schrems (noyb) and Fred Logue (FP Logue Solicitors) in the first session, and Helen Dixon (DPC) and Johnny Ryan (ICCL) in the second session. Witnesses in the first session largely agreed on countless issues with the DPC and highlighted that most complaints before the DPC hardly see any decisions - often for years. Despite reporting more than 10,000 complaints in 2020, the DPC only plans six to seven formal decisions in 2021, meaning that only 0.07% of all GDPR complaints might possibly see a formal decision. This “disappearance” of complaints led Mr Schrems to speculate about a “Bermuda triangle” at the DPC.
DPC: “Handle” does not mean “decide”. The long-standing miracle of “self-resolving” GDPR complaints was then lifted by Helen Dixon: The DPC simply interprets the word “handle” to mean that the DPC can also simply dispose of complaints on the fundamental right to privacy. She openly argued “In fact, there is no obligation on the DPC under the 2018 Act to produce a decision in the case of any complaint.”
Max Schrems, Chair of noyb: “If you were to tell your boss that you interpreted ‘to handle’ as letting you dump work in the trash, you would probably get fired. Instead, the DPC asked for an increase to its existing € 19.1 million budget.” Your browser does not support the video tag.
Clear Right to Decision under the GDPR. The Right to Data Protection is protected under Article 8 of the EU’s Charter of Fundamental Rights. The national Data Protection Authorities (DPAs) are charged with enforcing this right for every user, free of charge and in a reasonable time. The GDPR even permits an appeal to the Court when the “authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject.” This was also highlighted by the Court of Justice in a recent case involving Mr Schrems and the DPC, highlighting her duty to act.
Gerard Rudden, Irish Solicitor of noyb: “The Court of Justice held that the DPC must handle a complaint with all due diligence. What is the DPC’s definition of ‘handle’? Can you ignore something ‘with all due diligence’?”
Max Schrems: “EU law requires an easy and cost free way to enforce your rights. The DPC is now openly denying this right to all EU citizens.”
Accusations pointed at EU Parliament, Witnesses and other DPAs. The DPC attacked the European Parliament for using inaccurate information when demanding an infringement procedure against Ireland over lack of GDPR enforcement (see video below). She also accused other witnesses before the Irish Parliament of “complete inaccuracies”, without further specifying what she deemed inaccurate. Mr Schrems immediately sent an open letter to the DPC and the Joint Committee demanding clarifications about these unspecific accusations…
But the DPC did not stop there: She further accused other Data Protection Authorities of political reasons to question the inefficiency of the DPC: “…the same Data Protection Authorities that are criticising Ireland and the One Stop Shop now, are those that were on record rejecting the concept of the One Stop Shop … It is no surprise that there is a political element to the criticisms that are being made.” It seems questionable if these comments will help to ensure better European cooperation in the future. Mrs Dixon is said to be avoiding most EU meetings by now.
Which consequences does it have if an official like Ms. Dixon openly doesn´t comply go law?
Why should people comply to any law if even the officials don´t? What kind of democracy is this?
What does the Irish government say? The EU?