How the European Commission responded to concerns that it collects insufficient information about Ireland's implementation of the EU's General Data Protection Regulation (GDPR)
Kanteluasia 97/2022/PB - Tutkittavaksi otetut kantelut, pvm Torstaina | 10 helmikuuta 2022 - Toimielin, jota kantelu koskee Euroopan komissio
Ms Ursula von der Leyen
I have received a complaint against the European Commission from the Irish Council for Civil Liberties (ICCL) and have decided to open an inquiry.
The complainant expresses the concern that the Commission has not gathered sufficient information to monitor the application of the EU’s General Data Protection Regulation (GDPR) in Ireland. This is what the present inquiry is about, namely whether the Commission has taken adequate steps to collect sufficient information about the facts. The ICCL has recently been in contact with the Commission on this issue.
The complainant is also concerned, more broadly, that the European Commission is not doing enough to ensure that the GDPR is applied. I am not inquiring into that concern. I have informed the complainant that the Commission enjoys wide discretion in deciding whether and when to commence an infringement procedure. Regarding the substance of an infringement complaint, the Ombudsman may intervene (by asking the Commission to look at the complaint again) only in case there is an indication that the Commission was manifestly wrong in its presentation of the facts or of law.
I am inquiring into the complainant’s specific concern for the following reasons: questions are bound to arise in the minds of citizens if different factual accounts circulate regarding the implementation of this important legislation. Public bodies, along with civil society organisations, report that the application of the GDPR in Ireland is inadequate, whereas the Commission’s recent reply to the complainant in this case appears to suggest that there is no evidence of this.
I therefore consider it appropriate to ask the Commission to provide a detailed and comprehensive account of the information that it has so far collected to inform itself as to whether the GDPR is applied in all respects in Ireland.
I would be grateful if, in providing me with such an account, the Commission could also address the specific points raised by the complainant on the issue of information gathering. It would be helpful if the Commission could include explanations of how and from what sources it gathers the information.
Please note that I am likely to send your reply and related enclosures to the complainant for comments.
I would be grateful to receive the Commission’s reply by 15 May 2022.
Please finally note that, if the above-mentioned information is contained in a very large and/or complex file, and the Commission would consider that an early on-site inspection-meeting might therefore be desirable, please contact my office as soon as possible in that regard. The inquiries officer is Mr Peter Bonnor.
 Cf. letter of 1 December 2021 from Commissioner Reynders to the complainant (ref. Ares S(2021)8354751). The Ombudsman is also aware of Commissioner Reynder’s recent letter to MEPs on this issue (Ares S(2021) 8673573).
 If you wish to submit documents or information that you consider to be confidential, and which should not be disclosed to the complainant, please mark them ‘Confidential’. Encrypted emails can be sent to our dedicated mailbox. Information and documents of this kind will be deleted from the European Ombudsman’s files shortly after the inquiry has ended.