The complainant, a civil society organisation, raised concerns about how the European Commission is monitoring the application of the EU’s General Data Protection Regulation (GDPR) in Ireland, in particular that the Commission does not gather sufficient information to effectively monitor the situation. This is particularly important as many of ‘big tech’ companies have their EU headquarters in Ireland, and Member States’ supervision authorities often depend on the work of the Irish Data Protection Commission to pursue fully personal data issues that concern residents of their countries.

The Ombudsman’s inquiry demonstrated that the European Commission has in place a practice to examine a regular overview from the Irish Data Protection Commission on how it deals with cases concerning the compliance of ‘big tech’ companies with the GDPR. She concluded that this practice is appropriate and represents good administrative practice. However, she identified certain improvements that the Commission could make to the practice.