The Irish DPC, Helen Dixon, is under increasing pressure from other European DPAs and the European Parliament for failing to enforce GDPR rules on Big Tech. In response, Dixon has accused European Parliamentarians of prejudice and cancelled an appearance in a Parliamentary hearing that she had demanded. The result has been to leave Dixon increasingly isolated as she struggles to deal with calls for EU action.
At the core of this increasing bitter spat is how Dixon’s office has handled privacy complaints, especially those against Facebook and its subsidiaries. The Irish DPC has already faced a judicial review at Ireland’s High Court over its handling of GDPR cases against Facebook. It has also sought and received rulings from the European Court of Justice, ECJ, but then failed to act on them.
Now the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) has raised the stakes. It has asked the European Commission to start an infringement action against Ireland for failing to enforce the GDPR.
In a draft motion for a resolution, LIBE also: “strongly condemns the attempt of the Irish Data Protection Authority to shift the costs of the judicial procedure to Maximilian Schrems, which would have created a massive chilling effect.”
Dixon comes out fighting but so do others
Dixon has responded to the draft motion from LIBE with two letters. In those, she accuses the committee of not giving her an opportunity to appear and put her case. However, when a date was agreed, Dixon then refused to appear as the committee had invited other parties to also appear on the same day.
On the issue of costs, Dixon claims that the committee is simply wrong in saying she sought to recover costs from Schrems. In a letter to the LIBE Committee, Schrems partially backs up Dixon, writing: “The DPC is correct that it did not seek to collect costs from me and agreed not to do so at the beginning of the case. However, it also refused to pay my costs (estimated at multiple million Euros, given the high legal fees in Ireland) despite filing a case against me as a defendant and losing this case. The intention of the DPC to not pay for my legal fees was quickly resolved by the Irish High Court, which decided that the DPC must cover said costs.”
It is not just the LIBE Committee that Dixon takes issue with. She has attacked other European DPAs for bringing flawed cases that have been overturned. It has led to the German DPA responding and saying that Dixon’s statements are very one-sided and: “often leave her isolated in the circle of European data protection supervisory authorities.”
Enterprise Times: What does this mean?
This is yet another chapter in what is becoming more a soap opera than a legal process. The Irish DPC is becoming increasingly isolated due to what other European DPAs see as a lack of action. It believes that it is doing the best it can under the circumstances and workload it is facing. However, it is becoming evident that the rest of Europe’s data protection community is running out of patience with Dixon and her team.
The question now is what action will the European Commission take against Ireland? The most likely action is a fine. The problem is, this is unlikely to solve the problem. It can’t declare the Irish DPC unfit for purpose as that is down to the Irish Government. It is also questionable as to whether it even has the power to order the Irish DPC to share jurisdiction in order to help it manage the workload. Meanwhile, Dixon says Ireland is doing better than some other DPAs, yet no other DPAs is facing this type of action.
What won’t help Dixon’s case is demanding the LIBE Committee hear her case and then refusing to attend. It simply perpetuates the situation, making it even more toxic. Judging by the German DPA comment above, that situation is already toxic enough.