Search inquiries

Ireland has a special role in the implementation of the General Data Protection Regulation (GDPR) because it hosts most of the ‘big tech’ companies in the European Union. Other Member States’ supervision authorities often depend on the work of the Irish Data Protection Commission to pursue fully personal data issues that concern citizens of their own country.

This makes it particularly important that the European Commission adequately informs itself as to whether the GDPR is properly applied in Ireland in respect of ‘big tech’ companies.  

A range of public bodies and civil society organisations, including the complainant, reported that the application of the GDPR in Ireland was inadequate.

The Ombudsman opened an inquiry to examine whether the European Commission collects sufficient information to monitor Ireland’s implementation of the GDPR.

The Ombudsman’s inquiry brought to light an established practice of the European Commission to examine a regular case overview from the Irish Data Protection Commission on its handling of ‘big tech’ cases. She concluded that this practice is appropriate and in line with good administration. She considered, however, that a number of technical improvements could be made, and made suggestions to that effect.

The case concerned primarily Frontex’s decision not to communicate any more by email with individuals who request public access to documents. Frontex obliges requesters to use its online access portal. This causes problems for requesters, that could easily be avoided, as well as for online transparency platforms that civil society organisations have set up to help further the EU’s aim of working as openly as possible. 

The Ombudsman could not find justifications for Frontex’s decision. She issued a recommendation that Frontex should allow requesters to communicate with it by email, without resorting to its current access to documents portal. She additionally asked Frontex to inform itself of the best practice that the European Commission has identified in this respect for its new public access portal, and to implement this best practice as soon as possible.

The Ombudsman further suggested that Frontex should dedicate the resources that are required for handling the large number of access requests that it is likely to receive on a regular basis going forward. She also suggested that Frontex should draw up a detailed manual on how it handles public access requests, and publish that manual.

Frontex rejected the Ombudsman’s recommendation to allow requesters to communicate with it by email. Frontex also did not respond substantively to the suggestion that it inform itself of, and implement, the related best practice of the European Commission.

The Ombudsman closes the inquiry with a finding of maladministration.

With regard to the Ombudsman’s other suggestions, Frontex stated that it had recently assigned an additional half-time post to the handling of requests for public access to documents, and announced that it will draw up a manual as suggested by the Ombudsman. Earlier in the inquiry, Frontex implemented the Ombudsman’s proposals to revise its copyright statement and to make documents in its public access accounts available for two years. It also agreed to introduce a dedicated email address for submission of appeals.

 

The complainants, a group of civil society organisations, were concerned that the European Commission did not assess human rights risks before providing support to African countries to develop surveillance capabilities, notably in the context of the EU Emergency Trust Fund for Africa (EUTFA). The complainants contended that, before agreeing to support projects with potential surveillance implications, such as biometric databases or mobile phone monitoring technologies, the Commission should have carried out prior risk and impact assessments to ensure that the projects do not result in violations of human rights (such as the right to privacy).

Based on the inquiry, the Ombudsman concluded that the measures in place were not sufficient to ensure the human rights impact of EUFTA projects was properly assessed. To address the shortcomings she identified, the Ombudsman made a suggestion for improvement to ensure that, for future EU Trust Fund projects, there is a prior human rights impact assessment.