The controversial amendment allowing the Data Protection Commission (DPC) to declare documents about procedures and possible privacy violations confidential has been passed by the Irish Parliament. The Austrian privacy foundation Noyb is not pleased with the course of events and calls the change in law’ contrary to Irish and European law’. The foundation fears that the adoption of the amendment will further strain cooperation between national supervisors.
Max Schrems, chairman of Noyb, says this in a response.
The controversial amendment in a nutshell
This week, the privacy foundation from Austria reported that the Irish parliament would consider a controversial amendment to the Data Protection Act this week. This allows the Irish regulator to declare documents’ confidential’ in cases of possible privacy violations. Individuals and organizations that disclose this information may be punished for doing so.
Prior to the debate, Noyb strongly criticized the amendment to the law. “You cannot criticize an authority or large tech companies if you are not allowed to say what happens in a procedure. By declaring every minute information ‘confidential’, they try to hinder public debate and reporting.”
According to Schrems, the amendment is nothing more than an attempt by the Irish privacy watchdog to silence Noyb. He sees the amendment as a restriction on freedom of expression.
Collaboration may come under pressure
Despite Noyb’s call for the amendment to be rejected, a majority of the Irish Parliament voted in favour. That did not go without a fight: during the debate, the opposition asked the Minister of Justice James Browne critical questions about the consequences for freedom of expression, cooperation with national regulators and the geographical application of the amendment.
Schrems is afraid that cooperation with the European Data Protection Board (EDPB) and data protection authorities in EU member states will come under pressure. Where they were used to giving unlimited access to documents, Schrems fears that the DPC will declare entire procedures’ confidential’. The Irish regulator may use the ‘gag orders’ to block current and new cases against tech companies.
Noyb fears lawsuits over procedures rather than privacy violations
According to Noyb, it is clear that European privacy legislation is superior to the Irish amendment to the Data Protection Act. The fact that Irish criminal law is only limited to Ireland means that the DPC cannot impose a silence ban outside its own country. That means that Noyb is likely to only disclose certain information outside of Ireland.
Nevertheless, Schrems fears that the Irish regulator will also try to enforce the adopted amendment outside Ireland. “This will only lead to more and more lawsuits over procedures, rather than getting things done,” said the president of the Austrian privacy foundation.
Noyb says he is looking at all options but refuses to “bow to an unconstitutional local law.”