Data protection: Ireland, the weakest link in the GDPR

Is the General Data Protection Regulation (GDPR), the main text that protects the online privacy of citizens of the European Union (EU), undermined by the inadequate resources of the Irish regulator? This is, in essence, the conclusion of a large study carried out by the Irish Council for Civil Liberties, an Irish NGO, which compiled the figures of all EU regulators, including those of the National Commission for Informatics and Liberties in France.


Under the GDPR, not all regulators carry the same weight: in cases that concern several countries of the Union, it is the regulator of the country where the company is established that centralizes the case. Germany (Akamai, Palantir) and France (Criteo, IBM) supervise more cases than the average, but it is Ireland, where the European headquarters of Facebook, Google, Apple or Microsoft are located, that handles the most, over 20% of the total on its own.

However, the Irish Council for Civil Liberties notes, the Irish regulator, “underfunded for twenty years”, manages to absorb only a tiny part of these cumbersome procedures: according to the NGO's calculations, barely 2% of the cases submitted to it have been resolved. But this delay is not only linked to a lack of resources, according to the NGO, which emphasizes that other regulators, such as “the Spanish AEPD, produced ten times more preliminary decisions than the Irish regulator, with a smaller budget”.

The cases handled by the Irish regulator are, on average, more complex, as they concern some of the largest companies in the world. However, the country is also accused by online privacy advocates of being, in general, too lenient with the big tech companies, which have created thousands of jobs on its territory and also benefit from advantageous tax conditions. When the European Commission demanded, in 2016, that Apple pay 13 billion euros in taxes considered due to Ireland, a demand that was finally canceled in 2020, the Irish administration had … sided with Apple.


Penalties too low

During the summer of 2021, the Justice Committee of the Irish Parliament also pointed, in a long report, to dysfunctions deemed to be structural at the national regulator. The parliamentarians recommended in particular greater transparency on the part of the authority, as well as “greater use of its sanctioning powers, in particular to prohibit offenders from continuing to process data, in addition to dissuasive fines, to ensure compliance with the GDPR”.

www.lemonde.fr