The Irish Data Protection Commission (DPC) has described as "utterly untrue" claims that it lobbied members of the European Data Protection Board (EDPB) to adopt guidelines that would have endorsed a disputed data collection policy used by Facebook.

The commission has also denied it acted in bad faith by holding talks with Facebook in a manner that it has been claimed by privacy campaigners sought to subvert the procedures of the EDPB.

The allegations have prompted members of a European Parliament committee to write to the European Commissioner for Justice, Didier Reynders, and the Irish Minister for Justice, Helen McEntee, seeking answers to a range of questions about the DPC's performance.

The MEPs claim that by last September, three years after the GDPR came into force, the DPC had failed to send draft decisions to the other data protection authorities on 98% of 164 major EU-wide cases for which it is responsible as lead supervisory authority.

The developments follow allegations made against the DPC in recent days by NOYB, the organisation run by Austrian privacy campaigner Max Schrems.

He claimed that documents, released under the Freedom of Information Act, showed the DPC tried to lobby other European data protection authorities for the adoption of a General Data Protection Regulation (GDPR) "bypass" approach to user data collection.

According to Mr Schrems, the "freedom of contract" approach would have allowed data controllers to put a clause into their terms and conditions, to make the harvesting of data necessary for a contract, in effect bypassing the consent requirement under GDPR.

But Mr Schrems claimed the documents also showed that the reaction of other data protection authorities to the proposal was extremely negative, and ultimately the approach was not adopted in the guidelines drawn up by the EDPB subgroup, which was led by the DPC.

Max Schrems

However, in its lengthy statement today rejecting Mr Schrems allegations as untrue, the DPC said the claims reveal a lack of "any kind of basic understanding of the workings of the EPDB, and how, through an iterative process, divergent views relating to complex issues of principle are typically reconciled through dialogue, and through respectful and mature engagement."

It added that an early working document presented in isolation only serves to identify the range of views under discussion at one moment in time.

The DPC acknowledged that the position it ultimately put forward on the issue of contract at the working group was not acceptable to many in the group and it became clear a consensus could not be built.

"At that point, respectful of the views of its colleagues, the DPC prepared a further iteration, adopting the views of the majority," the statement said.

A draft DPC decision in the related case involving Facebook and Mr Schrems, which was recently published by Mr Schrems, indicates the commission still thinks Facebook could lawfully adopt the freedom of contract approach.

The DPC's approach also appeared to receive some backing in a recent decision by the Supreme Court in Austria, which has referred key issues in the case for a ruling by Europe's top court.

The DPC also described as "absolutely incorrect and without basis in fact" a suggestion that its position on the proposals had been negotiated or jointly developed in conjunction with Facebook.

"To be clear, the DPC does not and never has, endorsed, jointly developed, approved or in any other way assented or consented to a controller's or processor's policies or position in relation to compliance with its data protection obligations," it said.

It said it had, as part of its supervisory functions, met with Facebook in late 2017 and March 2018 to receive updates and provide feedback on the company's GDPR preparation programme - something it had done with many other bodies and was required to under the law.

The DPC statement came as four MEPS who are members of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs wrote to the EU Justice Commissioner and the Irish Minister for Justice.

Sophie in 't Veld, Tineke Strik, Birgit Sippel and Cornelia Ernst claimed enforcement of the GDPR is seriously hampered because of the alleged slow pace of decisions coming from the DPC.

"Trust in the EU and in its ability to ensure that EU law is properly applied, risks being seriously undermined," they wrote.

They set out a range of questions about how the proper application and enforcement of GDPR is measured and evaluated.

The MEPs also asked whether the Commission considers that the GDPR is being properly applied and enforced in Ireland and whether infringement proceedings should be started against Ireland over the issue.

"Does the Commission share our view that if no serious change is made in Ireland with regards to GDPR enforcement, it risks losing trust among citizens that the Commission is able to uphold the Treaties and protect them against violations of their data protection rights?" their letter states.