Today’s ECJ determination a bit of a blow to the Irish Data Protection Commission

DARKMATTERS

Registered User
Messages
38
The European Court of Justice determined today that a person or body can make a complaint to their own Member State Data Protection Commissioner about a data protection issue regarding a company that operates within its Member State. It no longer matters (with certain restrictions) whether the “Data controller” is based in another Member State.

In this particular instance, the Belgium Privacy Commission complained about facebook’s collection and use of information on the browsing behavior of Belgium internet users whether or not they were Facebook account holders. Facebook had argued that the “data controller” for the data was based in Ireland (it’s European Headquarters) and that the appropriate authority to hear the complaint was the Irish Data Protection Commissioner. The ECJ disagreed.
 
Is it not a good thing for the Irish DPC? I'd have thought it may take some of the heat off them if each country has their own investigation into big tech privacy policies.
 
It’s a bit of a snub to the Irish DPC and it’s competence to investigate matters, particularly when it is the data controller for Facebook. The Irish DPC has been in a few spats with the ECJ recently (Max Schrems case) and was relatively castigated by it for taking a case to the ECJ when the statutory tools were readily available to it to deal with the particular complaint. The Irish DPC managed to hold up the Max Schrems determination for many years by taking this route. Beleve me when I say that the Irish Data Protection Commission is not Europe’s poster boy for data protection.
 
Last edited:
The Irish DPC wasn't doing the job it was meant to - so it seems normal to me that some of work has been taken back and distributed to member states.

Whether the Irish DPC was under-funded deliberately so that it could not do the job or it was underfunded by accident is a good question.
 
To me, DPC Dixon and her team's strategy seemed to involve targeting the low hanging fruit (like the Public Services Card) while kicking the more complex issues as far down the road as they could.
 
To me, DPC Dixon and her team's strategy seemed to involve targeting the low hanging fruit (like the Public Services Card) while kicking the more complex issues as far down the road as they could.
Complex issues such as?
 
More like chronic non-enforcement of data protection issues and delivering fines that other European Data Protection Regulators believe were far too low.
 
Back
Top