It may seem like a somewhat insignificant footnote on Budget Day 2022, but the Irish Data Protection Commission has today secured an additional €4.1 million in funding from the Irish government. This increased funding comes amid staunch criticism leveled at the DPC from commentators and the EU alike.
DPC Secures Additional Budget 2022 Funding
As part of Budget 2022, the Irish government has recognised the importance of data protection in Ireland by allocating an additional €4.1 million to the DPC. This marks a rather astonishing 1121% increase in budget allocation to the DPC since 2014 and 21% since last year alone. Heavy investment is understandable given Ireland’s unique position. As the EU home to companies like Facebook, the DPC is responsible for regulating many large companies from a data protection point of view.
On the additional funding, the Commissioner for Data Protection, Helen Dixon, stated that “as the DPC embarks on the delivery of its ambitious Strategy for 2022-2027, we very much welcome the ongoing recognition of the we very much welcome the ongoing recognition of the Government of the need to adequately resource an independent data protection authority. As societies, government and business become ever more data-driven, careful oversight by the DPC is necessary to ensure the personal-data rights of individuals are factored in and protected. Over the last 12 months, the DPC has significantly increased its enforcement activity as larger investigations have reached conclusion and this work must continue and increase alongside the DPC’s role in guiding organisations on compliance”.
But the question remains, just how good an investment this is by the government?
Is The DPC A Worthwhile Investment?
A couple of years ago, in an old job, I was assigned the job of Data Protection Officer. It was a new requirement for this particular company ahead of GDPR. Little did I know it would be the start of my keen interest in data protection. A couple of months ago, I watched a meeting of the Joint Committee on Justice to discuss the performance of the DPC, at which data protection activist Max Shrems was in attendance. I was shocked at what emerged.
The DPC uses the term “handle” quite a lot and with it comes a massive grey area and questions around just how valuable the DPC as a service. To the DPC, there is no obligation to produce a decision where a complaint has been made. In fact, of the 10,000 complaints reported by the DPC in 2020, the organisation planned to deliver just six or seven decisions this year.
Indeed, I myself am left scratching my head at how remarkable it is that the DPC has been given another large chunk of change given I’ve had a complaint open against the church since mid-2018. Under GDPR, members of the public are entitled to have their data protection rights enforced by national bodies, free of charge and in a reasonable time. Over three years is hardly reasonable.
There are often winners and losers on Budget Day. Considering a press release that went out from the DPC suggests they feel they’ve won today. Unfortunately, it would appear that the taxpayers have lost. The DPC has been held to a minimal level of accountability since GDPR brought increased investment and little has changed since that Joint Committee meeting.
Max Schrems, Chair of noyb put it best when he said, “if you were to tell your boss that you interpreted ‘to handle’ as letting you dump work in the trash, you would probably get fired”. Commenting on the investment, Shrems described the investment as “throwing more cash at a broken organization”.