The Data Protection Commissioner has rejected criticism that her office is too soft on big tech firms, saying that the evidence flies in the face of such claims.
Publishing the commission's annual report, Helen Dixon also expressed concerns that there has been a breakdown in communications with Twitter's Dublin office.
The annual report shows that the Data Protection Commission (DPC) concluded 17 large-scale inquiries last year and imposed record fines in excess of €1 billion.
The bulk of the penalties related to Meta, the parent company of Facebook, Instagram and WhatsApp.
"Two-thirds of the fines issued across Europe last year, including the EU, EEA and UK, were issued by the DPC on foot of detailed and comprehensive investigations, a fact that underlines both the outsized role, and exceptional performance, of the organisation in effectively holding those guilty of non-compliance to account," Ms Dixon said.
In some cases last year, European authorities ordered the DPC to increase its fines against social media companies which led privacy campaigners to accuse the Irish watchdog of being too soft on big tech firms.
"The evidence simply flies in the face of those criticisms," Ms Dixon said.
"In the early days of GDPR we heard a lot of complaints that the DPC wasn't producing results, now the criticism has shifted somewhat and it is that the decisions we are producing are not the right decisions or that the findings are wrong and that really is to miss the point because this is a new area of legal application.
"There are going to be cases that go to legal proceedings and contestation before the courts and ultimately as a quasi-judicial body, our job is to conduct the investigation, find the facts and apply the law.
"Ultimately the courts are teed up to have their say on the issues," Ms Dixon said.
A 'One-Stop Shop' system means that it is the Irish Data Protection Commission that is tasked with investigating big tech firms like Meta and Twitter because their European headquarters are based in Ireland.
Ms Dixon said that the system, in its current form, had created something of a legal maze that requires constant navigation, building an ever more complex landscape for litigators.
She added that the system often does not serve individuals well as a result of the way in which it is constructed.
'Breakdown of communications' with Twitter
The Data Protection Commissioner said she was concerned that Twitter had rolled out its Twitter Blue paid subscription plan in the European Union without consulting her office.
"I think this week we have seen something of a breakdown of communication with the Twitter office in Dublin," Ms Dixon said.
"When Elon Musk took over and new features of the service, such as subscriptions for the blue tick were announced, we were assured that these would not be rolled out in the EU market and we would have an opportunity to engage with Twitter in Dublin before it was rolled out but this is no longer the position.
"The blue tick subscription is now rolling out in Europe so we are urgently and have urgently made contact with Twitter's Data Protection Officer in Dublin.
"We need to understand what decision-making the Dublin office has gone through, what assurances it has satisfied itself are there in terms of protection of EU personal data in this context.
"It is a concern that this feature has rolled out without any engagement with our office.
"We had hoped and would have understood that we would have had engagement in advance of this being rolled out," Ms Dixon added.
Two TikTok investigations being conducted
The commissioner would not comment on the EU's decision to ban TikTok from official devices, nor would she give an opinion on whether the Irish Government should consider similar measures.
"Broader matters of espionage go beyond what we would be looking at in terms of compliance with GDPR," Ms Dixon said.
Her office is carrying out two investigations into TikTok.
One relates to the processing of children's data, which should be concluded in around three months' time.
The other inquiry is looking at the transfer of personal data by TikTok to China.
"In terms of the investigation into transfers to China, that is now significantly advanced," Ms Dixon said.
"We will be submitting to TikTok relatively soon a preliminary draft decision for their final submissions before we send it off to our counterparts in the EU," she added.
Extra staffing for DPC not yet advertised
Last year, the Government announced plans to appoint two additional Data Protection Commissioners but the roles have not yet been advertised.
"I met with the Minister for Justice Simon Harris in recent weeks and he told me that the Department is liaising with the Department of Public Expenditure and Reform in terms of ultimately advertising to recruit those two new commissioners," Ms Dixon said.
The DPC received an extra €3 million in its budget for this year and will recruit an additional 50-60 staff.
While it was investigations and fines against big tech companies that generated most of the headlines, the DPC also handled thousands of smaller, individual complaints last year.
The commission concluded more than 10,000 cases in 2022.
Issues included concerns over neighbours' CCTV cameras, data security problems in banking and healthcare, as well as correspondence being misdirected to the wrong recipients.
