Ireland Looks To Enforce Confidentiality For Data Protection Procedures

The Irish government made an addition to a bill that permits the Irish Data Protection Commission (DPC) to classify their procedures as confidential.

According to Euractiv, the Data Protection Commission is the primary authority in cross-border data protection cases, as many major technology companies have their European headquarters located in Ireland.

The provision was added to the ‘Courts and Civil Law (Miscellaneous Provisions) Bill 2022’ by Minister of State James Browne as a last-minute amendment.

The provision, if approved, would grant the privacy watchdog the authority to prevent the disclosure of confidential information pertaining to complaints, investigations, and inquiries in order to preserve the credibility of the investigation.

Related: Ireland’s Data Protection Commission Begins Inquiry Into Facebook

The Irish regulator of civil society has been criticized by members for their perceived lack of enforcement of the EU General Data Protection Regulation (GDPR).

After publishing a draft decision on a case involving Meta, a digital rights non-profit organization called NOYV was asked by the Dublin-based authority to remove it and not disclose any further information about the case.

“You cannot criticize an authority or big tech companies if you are not allowed to say what’s going on in a procedure. By declaring every tiny piece of information ‘confidential’, they try to hinder public discourse and reporting,” said activist and NOYB founder Max Schrems.

The data protection regulations within the EU specify that confidentiality obligations only apply to regulatory employees and not to other parties involved in investigations, including complainants.