Privacy activist Max Schrems has called on the European authorities to push the Irish regulator to speed up its handling of cases he has brought against Facebook on the second anniversary of the introduction of rules designed to help protect the data of consumers.
Max Schrems is not happy with the progress made since the introduction of the General Data Protection Regulation (GDPR) regime across Europe in 2018.
"After two years, we feel that the time has come to shine light on the shortcomings of the GDPR's current enforcement in Ireland and bring the debate into the public," the letter, published today, said.
The procedure adopted by the Data Protection Commission (DPC) was "highly inefficient and partly Kafkaesque," he wrote.
The letter's recipients are the national data protection authorities, the European Commission, the EU Parliament and the European Data Protection Board (EDPB).
The GDPR overhauled data protection laws in the European Union that predated the rise of the internet.
Most importantly, it gave regulators the power to impose fines of up to 4% of global revenues for companies that break the rules.
Max Schrems had previously won a landmark European ruling on data transfer in 2015.
He said he would seek a judicial review of the DPC's actions at the High Court as soon as Covid-19-related restrictions are lifted.
The DPC, asked for comment on the letter, said it had currently 23 "big tech" inquiries open.
Last Friday it announced significant developments in a number of these inquiries, including three that were initiated after complaints received from Max Schrems's non-profit organisation noyb.
"One of these complaint-based inquiries, which focuses on Facebook Ireland's obligations to establish a lawful basis for personal data processing, has now moved to the decision-making phase," the DPC said.
Max Schrems filed complaints against Google, Facebook and its affiliates Instagram and WhatsApp immediately after GDPR came into effect in May 2018, arguing that their approach violated the rights of users to choose themselves whether to allow companies to use their data.
The Data Protection Commission is the lead regulator in the Facebook cases as the firm has its European headquarters in Dublin.
The case against Google was dealt with in France, where the regulator CNIL imposed a €50m fine for breaching the EU privacy rules in January last year.
Max Schrems said the Irish watchdog had requested to keep documents confidential and to not even share them with other national counterparts.
"We request the European Commission to act and issue infringement procedures against any member state with legislation that prevents the effective application of the GDPR, with overly complicated and long procedures, or without any effective remedy against delayed procedures," his letter said.
Facebook declined to comment on the DPC process.