Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Jan. 23 --Ireland is preparing for its front-line role in the enforcement of the European Union's proposed new data protection regime, but doesn't expect to make extensive use of the new large fines that might be levied on noncompliant companies under that scheme, Irish Data Protection Commissioner Billy Hawkes said Jan. 23.
Speaking in Brussels at the 7th International Computers, Privacy and Data Protection conference, Hawkes said that fines for data protection infringements would be a “useful addition to the toolbox,” but shouldn't be triggered automatically. The Irish DPA would “use and deploy fines as required.”
Ireland will be prominent in the implementation and enforcement of the pending EU data protection regulation because, under the system currently outlined in the draft regulation, privacy complaints about a company will be handled by the DPA where that company has its main establishment.
Ireland is the European home for a large number of U.S. multinationals, including Internet and social media companies such as Facebook Inc., Google Inc. and LinkedIn Corp., and technology companies, such as Apple Inc., Dell Inc., Hewlett Packard, IBM Corp. and Intel Corp.
However, the resources of the Irish DPA are relatively limited compared with its counterparts in larger EU countries, such as Germany and Poland.
The Irish Data Protection Commissioner doesn't have the power to levy fines under Ireland's national law transposing the EU Data Protection Directive (95/46/EC).
Under the proposed data protection regulation, put forward by the European Commission in January 2012, a uniform regime of sanctions for the EU would be introduced.
The regulation is yet to be finalized by the EU institutions, but the European Parliament's Civil Liberties, Justice and Home Affairs Committee in October 2013 voted in favor of a version of the regulation that would allow DPAs to levy fines of up to 100 million euros ($135.5 million), or 5 percent of a company's annual worldwide revenue (12 PVLR 1817, 10/28/13).
Hawkes said that sanctions currently available to him include enforcement orders requiring companies to desist from behavior that contravene Ireland's Data Protection Act, which can ultimately be backed by court judgments obliging companies to stop data processing operations.
The lack of a power to fine companies doesn't “seriously inhibit” enforcement, Hawkes said.
Hawkes added that the Irish DPA carries out privacy audits of multinationals established in Ireland and generally seeks to pursue a cooperative approach with large data processors.
“Organizations wish to cooperate with us,” and there is a “general anxiety to comply and be seen to comply with the law,” he said.
“The clear enforcement power I want is to order the processing to stop,” in case of violations, Hawkes said in response to a question from Bloomberg BNA.
The Irish DPA is being allocated more resources by Ireland's government in expectation of its expanded role under the data protection regulation, he said. “I'm confident that we will be able to handle this burden.”
The Irish DPA so far has received most complaints about U.S. multinationals from outside Ireland, Hawkes said. It might under the new regulation lose the power to regulate many of the companies “that Irish people care about,” such as banks and telecoms that might be headquartered in another EU member state, he said.
Under the proposed regulation, such companies would be overseen by the DPA in the member state where they have their headquarters, he said.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor on this story: Donald G. Aplin at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)