The European Parliament has voted in favour of a resolution calling on the European Commission to open an infringement procedure against Ireland. The procedure concerns the country’s failure to enforce the General Data Protection Regulation (GDPR).
A landmark judicial ruling invalidated the EU-US Privacy Shield in a resolution on the Schrems II case. The members of the European Parlement (MEP’s) expressed their disappointment during the judicial proceedings. Ireland’s DPC (Data Protection Commissioner) chose to bring the case to court rather than act on its own, as it had the power to do so.
Ireland lacks in defending citizens
Ireland’s DPC also tried and failed to put the costs of the proceedings on the defendant, which would have discouraged EU citizens who might want to uphold their rights in court. The MEPs said the move would have had a ‘massive chilling effect’ on people whose rights may be infringed.
The other matter concerns what seems like a reluctance, on the part of the Irish Data Protection Authority, to decide on many of the privacy complaints that have been filled since the GDPR went into effect in May 2018. Max Schrems, the activist who initiated the judicial case, said that the numbers are ‘staggering.’
Is the DPC playing dumb?
The DPC reported 10,000 complaints last year but has not made any formal decision on any of them. It openly acknowledged in a recent parliament hearing that it felt like closing the case without an investigation was essentially ‘handling’ it.
Schrems said that the main path for people to enforce their fundamental right failed 100% in Ireland last year, pointing to it as cause for an infringement procedure. The DPC has issued only one sanction for a GDPR breach, contradicting the regulations, as Article 60 specifies that a country has to act without delay.