The Irish government is seeking two additional commissioners to join the Data Protection Commission (DPC), which oversees major tech firms’ compliance with the European Union’s data protection rules. The DPC is responsible for enforcing the General Data Protection Regulation (GDPR) and has the power to impose significant fines for infringements. The new commissioners will work alongside current commissioner Helen Dixon, who will become chair under the new structure. The Irish DPC plays a crucial role in GDPR enforcement due to the presence of many tech giants in the country, including Apple, Google, and Meta. The deadline for applications is October 19, and the appointments will be made by the Irish Top Level Appointments Committee.
The new commissioners will face a challenging workload and criticism of the DPC’s approach to GDPR enforcement. Privacy experts have accused the regulator of being lenient and failing to properly address the impact of platform power on citizens’ rights. While the DPC has made significant decisions against tech companies, including fines for TikTok and Meta, its draft decisions have often faced criticism and led to higher fines from other authorities. Privacy rights group noyb has accused the DPC of shrinking liability for the companies it oversees, and the Irish Civil Liberties Board has sued the DPC for inaction on a complaint against Google. The European Commission has also increased its monitoring of GDPR enforcement, and proposed reforms to make cross-border cases more efficient and harmonized.
The Irish Civil Liberties Board has long called for multiple commissioners within the DPC, and while it welcomed the appointment of new commissioners, it emphasized the need for further reforms. The board will urge the Irish Top Level Appointments Committee to consider conflicts of interest and involve human rights experts in the appointment process. Concerns have been raised about the lack of an independent review of the DPC, which could hinder the new commissioners’ ability to address the regulator’s shortcomings. The ICCL believes that additional reforms are necessary to strengthen the DPC’s enforcement of data protection rules.