European Commission Defends Irish Data Protection Commissioner

2 Minute Read

January 13, 2022

Categories: European Union, International

In a letter addressed to certain members of the European Parliament (“MEPs”), European Commissioner for Justice Reynders refuted some of the criticism that has been raised against the Irish Data Protection Commissioner (“DPC”).

Background

On December 6, 2021, the concerned MEPs sent a letter to Commissioner Reynders to raise concerns about how the DPC enforces the EU General Data Protection (“GDPR”) and applies the GDPR’s cooperation mechanism. The MEPs asked Commissioner Reynders to initiate infringement proceedings against the DPC.

As the lead data protection authority (“DPA”) for various Big Tech companies that have their EU headquarters in Ireland, the DPC has been subject to criticism from various angles over the past years.

Commissioner Reynders’ Response

In his response, Commissioner Reynders defended the DPC against the criticism and stated, among other things, that:

It is too early to come to definitive conclusions as to the efficiency and functioning of the GDPR cooperation mechanism.
The European Commission is taking appropriate actions to monitor the application of the GDPR in EU Member States. As an example, Commissioner Reynders mentioned the ongoing infringement proceedings against the Belgian DPA in connection with its alleged lack of independence.
There is no evidence that the Irish data protection rules have not been respected by the DPC and that the cooperation mechanism has not been applied correctly. Commissioner Reynders referred to the €225 million fine issued against WhatsApp as an example of the DPC’s action to enforce the GDPR. He further reminds the MEPs that not all investigations carried out by DPAs lead to a decision (e.g., the complaint may be withdrawn by the data subject or closed by the DPA). According to the Commissioner, this may explain the low statistics, which the MEPs used in their letter to demonstrate the DPC’s inaction.
Despite being requested to do so by the MEPs, the European Commission is not competent to comment on or launch infringement proceedings against a DPA for the views it expressed on a specific topic (i.e., the question of which data can be processed on the basis of contract in an online context in this case) in the context of discussions at the European Data Protection Board.

Tags: Data Protection Authority, EU Member States, European Commission, European Data Protection Board, European Parliament, GDPR, Ireland

You May Also Be Interested In

2 Minute Read

March 6, 2026

European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

2 Minute Read

February 23, 2026

Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

4 Minute Read

February 3, 2026

European Commission Announces New Cybersecurity Package

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

1 Minute Read

January 29, 2026

Brazil and the European Union Reach Agreement to Recognize Mutual Adequacy in Personal Data Protection

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.

Privacy & Cybersecurity Law Blog

You May Also Be Interested In

Search

Recent Posts

Categories

Tags

Archives