Dr Johnny Ryan

In a new report published today, ICCL said Ireland’s Data Protection Commission (DPC) is failing to enforce the GDPR against Big Tech despite an increase in resources.

Since the GDPR came into effect almost five years ago, the DPC has only eight finalised decisions in big investigation cases, the report highlights.

It goes on to argue that the Irish DPC is out of step with its European colleagues, with the European Data Protection Board (EDPB) imposing tougher sanctions in 75 per cent of the DPC’s decisions on investigative EU cases.

Official EU data shows there were only 49 compliance orders and 28 fines under the GDPR by late 2022.

The primary issue is not a lack of funding, it adds, as Europe’s GDPR enforcers now have a combined budget of €337.6 million, with Ireland’s budget having risen dramatically to become the fifth largest in the EEA.

Dr Johnny Ryan, senior fellow at ICCL and author of the report, said: “Five years on, the data now show a stark failure to enforce the GDPR — particularly against Big Tech.

“That failure exposes everyone to serious digital hazards: discrimination, manipulation, information distortion, and invasive AI. We urge the European Commissioner for Justice, Didier Reynders, to finally take action.”