skip to main content

Ombudsman finds EU monitoring over Irish data 'appropriate'

EU Ombudsman Emily O'Reilly has made a series of suggestions on how to improve the bi-monthly overview process
EU Ombudsman Emily O'Reilly has made a series of suggestions on how to improve the bi-monthly overview process

The EU Ombudsman has concluded an investigation into the European Commission's monitoring of the application of data protection rules in Ireland.

Ombudsman Emily O'Reilly found that the Commission's practice of obtaining a bi-monthly overview from the Irish Data Protection Commission on its handling of "big tech" cases, including cross border cases, is appropriate and in line with good administration.

"In the absence of this measure, the Ombudsman would have had serious doubts as to the adequacy of the information that the European Commission relies on," the report states.

The Ombudsman has made a series of suggestions on how to improve the bi-monthly overview process.

Ms O'Reilly has also recommended that the European Commission, in its next report on the application of the General Data Protection Regulation (GDPR), provides an account of its practice of receiving regular case overviews from the Irish Data Protection Commission, and in it give as much non-confidential information as possible.

The Ombudsman launched the investigation in February following a complaint to her office from Dr Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties (ICCL).

He had expressed concerns about the European Commission's monitoring of Ireland's application of data protection rules.

Today, the ICCL gave its response to the conclusion of the investigation.

"We hope this will lead to improvement in the European Commission's monitoring of Ireland’s application of the GDPR", said Liam Herrick, Executive Director of ICCL.

In June, the Commission issued its reply to the Ombudsman describing as "unfounded" claims that it does not collect sufficient information to monitor Ireland's application of the GDPR.

GDPR is an EU regulation that came into effect in May 2018 which imposes strict requirements on the collection, use and storage of personal data.