Data Protection Commissioner defends speed of investigations into tech firms

Helen Dixon said the Data Protection Commission takes its responsibility as the lead authority for regulating big tech companies very seriously
The Data Protection Commissioner has said concluding investigations that are underway into large multinational tech firms is the number one priority for her office.

Helen Dixon said the Data Protection Commission takes its responsibility as the lead authority for regulating big tech companies that are based in Ireland but operate across the EU very seriously.

Addressing an Institute of International and European Affairs webinar, Ms Dixon defended the speed with which her office is dealing with probes into the data practices of such platforms, which include Facebook, WhatsApp, Instagram and Twitter.

Referring to questions that have been raised across Europe about the pace of enforcement proceedings being taken against large tech companies by the DPC, Ms Dixon said the standard of decision-making and reasoning the Irish courts expect from her office is well clarified.

She said it is objectively the case that what would be acceptable to courts in other member states would not be accepted in Ireland.

Because Irish law has always provided for the appeal of a DPC decision, her office is uniquely accustomed to litigation.

She said legal reasoning has to be built from the ground up under the new regulatory framework of the General Data Protection Regulation, because of the lack of existing case law or precedents.

The DPC has already taken its first draft decision in relation to a big tech platform to the process of co-decision making among other EU data protection authorities and is already well advanced in relation to the lessons to be learned from that.

She also highlighted the complexities of the data processing operations of some of the platforms the DPC has to investigate, which, she added, clearly distinguish these cases from many others.

The DPC is learning and has learned techniques over the past two years which will allow it to speed up in future cases.

On the question of whether fines change behaviour, Ms Dixon said the DPC will apply fines as it is required by GDPR to do so.

"But I don't think we can guarantee based on the evidence before us that behavioural changes in organisations are necessarily going to be achieved," she said.

"And so I think there needs to be more realism about what enforcement can deliver."

In relation to an expected judgement from the European Court of Justice on Thursday in a case taken by the DPC against Facebook and Austrian privacy campaigner Max Schrems about the safeguards around the transfer of EU citizens' data to the US, Ms Dixon said it was keenly awaited.

She said the DPC anticipates that it will provide a definitive reference point against which the challenges presented by EU to US transfers can be addressed into the future and will bring certainty to bear.

"In short there is a huge amount at stake in terms of these legal transfer mechanisms, but lots to look forward to on Thursday in terms of certainty," she said.

Asked whether her office has sufficient resources to regulate tech companies as lead regulator in the EU, she said it depends on how quickly people anticipate outputs will be generated.

"We have enough resources and the right resources to conclude, but we can't do it all simultaneously and immediately," she said.

She said if people "want it all done, and want it all done quicker," then her office absolutely needs additional resources to do that.

"We can only go at the pace we can go as we balance all the obligatory tasks that we have," she added.