On June 30, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its comments on the Irish Data Protection Commissioner’s (“DPC”) consultation on its Draft Regulatory Strategy for 2021-2026, in which the DPC sets out its vision for the next five years.
CIPL’s contribution calls for:
- Further elaboration on how the DPC considers effective regulation and behavioral economics in its strategic thinking;
- More explicit acknowledgment of the GDPR’s risk-based approach in implementation and enforcement;
- References to the importance of a regulatory approach that is evidence-based and results-focused;
- Clarification that all of the “Strategic Goals” are equally important and inter-dependent;
- Consideration of the need for consistency with other applicable regulatory regimes, and the need to establish liaison relationships with other national regulators;
- Inclusion of a reference to settlements and how they may be used, as well as case studies;
- Further information on the DPC’s plans to seek clarification and consistency on procedures under the One-Stop-Shop mechanism;
- Additional details on how the DPC proposes to take a strategic overall approach to enforcement that is not systematically driven by individual complaints; and
- Adoption of guidance on the fines structure and aggravating and mitigating factors to be taken into account, including rewarding organizations that invest in privacy programs and go beyond legal requirements.