el_pedrodude

Hi Nick

In your opinion are there any structural problems (as opposed to political causes or corruption) with the Irish regulator that significantly contribute towards this apparent lax enforcement of the GDPR?

You note that the regulator describes itself as:

"one of the most strongly resourced data protection authorities in Europe"

But that's a relative statement. It'd be interesting to hear whether you think 140-180 staff is anywhere near enough to deal with these complicated issues and given the density of tech companies in Ireland.

Also, how much coordination is there between the regulator and law enforcement? This type of issue is often highly technical and with the added legal angle I wouldn't be surprised if the poor enforcement performance was due to under-resourcing (although I'm not suggesting that it is, and equally willing to believe there are conflicts of interest, corruption, etc.).

Thanks for your reply Nick (and I forgot to mention that I enjoyed the article in my previous comment).

I get why Facebook is interesting but have you seen any evidence that the DPC's approach towards them is the norm for their regulation of other companies? I.e. Is this systemic?

Also, if you'll permit yet another question, do you know if their "light touch" approach

negotiation over sanctions and lists of questions

has been very cost-effective, since it seems that court cases are risky in Ireland. Or is the regulator generally underperforming?