The European Parliament’s Committee on Civil Liberties heard Helen Dixon, Irish Commissioner for Data Protection, on Tuesday 23 May on the subject of TikTok. The meeting took place in the wake of Meta Ireland being fined for non-compliance with the GDPR Regulation (see EUROPE 13185/4).
TikTok
Ms Dixon confirmed that the Chinese platform is the subject of two Irish Data Protection Commission (DPC) investigations: one into the processing of children’s data, the other into the transfer of personal data from the EU to China. While Ireland was only designated as the “lead authority” responsible for enforcing the GDPR at the end of 2020 for the social network, the procedures are still ongoing.
Asked by Karolin Braunsberger-Reinhold (EPP, Germany) why data continues to be transferred to China despite the lack of information about its processing, Ms Dixon referred to an EU Court of Justice ruling which obliges data protection authorities to “address transfers under standard contractual clauses, case by case”.
Review of the CPD
Ms Dixon also used her presence at the European Parliament to defend the CPD, which is sometimes seen as complacent towards large technology companies (see EUROPE 13184/24). In 2022, the CPD was responsible for two-thirds of the enforcement actions in the EU and imposed “over a billion euros in fines”, including on ‘Big Tech’, she insisted.
Despite the €1.2 billion fine imposed on Meta Ireland, Birgit Sippel (S&D, German) deplored the generally low financial penalties in relation to the profits of the targeted companies. Here, Ms Dixon stressed that, in addition to fines, an infringement procedure can also result in “a whole range of corrective measures“, or a combination of both.
Finally, Dixon said that the “CPD greatly looks forward to what it hopes will be a new administrative harmonization act for the GDPR”. The European Commission's proposal on the subject is expected this summer. (Original version in French by Hélène Seynaeve)