The Irish Data Protection Commission has come under fire over the slow pace of issuing any significant fines against Facebook and its properties, WhatsApp and Instagram, over serious privacy violations.
The criticism comes from noyb, a European non-profit cybersecurity enforcement platform, which has posted an open letter criticising the slow pace of the Irish authority.
The news coincides with the two-year anniversary of the new General Data Protection Regulation (GDPR) being enacted by the EU. This empowered the European Commission to levy heavy penalties on the three companies regarding complaints filed by noyb itself. However, the regulations have yet to be enforced.
Noyb describes ‘secret meetings’ between the DPC and Facebook on ‘consent bypass’ and how the two entities conspired to bypass GDPR. It also ‘exposes’ the deliberately slow pace of the DPC in enforcing GDPR norms.
Noyb’s letter calls on the EC and other European data protection authorities to take action against Ireland. While GDPR does not outline clear deadlines much of the time, DPAs can request their colleague authorities to take action or initiate ‘urgency procedures’.
“With about 10,000 complaints in two years and no fines at all against private actors, it is obvious that Ireland does not effectively implement EU law,” the letter says.
To this end, the group has sent all relevant documents and information to the DPAs, despite the Irish authority having insisted that noyb may not provide the same to its (the DPC’s) European colleagues.