Yesterday, 26 June 2023, the Irish Council for Civil Liberties (“ICCL”) reported that the Irish Government’s “last minute” amendment to the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 is an effort to “muzzle’’ critics of the Data Protection Commission (“DPC”), which will result in the DPC’s decision-making “even more opaque”.
The amendment provides that the DPC may direct information deemed by it to be confidential and not to be disclosed. Failure to comply with this non-disclosure notice issued by the DPC will be an offence liable on summary conviction to a €5000,00 fine.
In the event that the amendment to the Bill is approved, it is alleged that it will essentially silence people from speaking about how the DPC handles their complaint and from speaking about how Big Tech companies or public companies are misusing their personal data.
The concerns of the ICCL include that there is no explanation concerning what or why information may be deemed confidential. The possibility is present that even information that is not regarded as ‘commercially sensitive’ will no longer be utterable. Furthermore, it will be impossible for journalists to report on Ireland’s General Data Protection Regulation (“GDPR”) supervision of Big Tech companies that have their European headquarters there, including Google, Meta, Apple, Microsoft and TikTok.
Critics of the proposed amendment have argued that if enacted, the amendment may further damage the proper flow of information between the DPC and its peer Data Protection Authorities across the European Union, because the DPC, the lead data protection enforcer across Europe, will have the power to designate as confidential material that should be shared with other European Data Protection Authorities.
Furthermore, this amendment creates the risk of a conflict with imminent European law as the European Commission is currently formulating a new regulation to harmonise the conduct of cross-border GDPR cases.
Max Schrems and noyb have also published an article about the proposed amendment on its website and have stated that the last form of accountability is gone. Judicial action against the DPC has always been very costly and therefore public accountability was often the only way to ensure that the DPC does its job. The proposed amendment, if passed, now criminalizes this last form of accountability. Furthermore, according to Schrems, “no proper public debate or consultation of people that will be affected by such ‘gag orders” has taken place and “the way that this ‘gag order’ law is passed is highly problematic too.”
It is not clear what other European Data Protection Authorities or the European Data Protection Board (“EDPB”) thinks of this proposed amendment or how it will impact the cooperation between the DPC and other Data Protection Authorities when dealing with cross-border GDPR cases.
This Bill is up for final debate tomorrow, 28 June 2023, and the ICCL and Schrems have urged all parties in the Dáil, which forms part of the Irish Government, to challenge the proposed amendment.
This development will be closely monitored and updates will be provided as soon as further information is available.
Does your organization have questions about an investigation from a Data Protection Authority? Contact us, the Experts in Data Privacy at email@example.com for assistance.