This is quite something to read. The Irish data protection authority is where most GDPR complaints against US tech companies like Facebook end up, because the European activities of these companies are registered there. It has been quite clear in the past few years how enormously slow the Irish DPA has been in dealing with those complaints. Up to the point where the other DPA’s complained about it, and up to the point where the European DPA intervened in setting higher fine levels than the Irish DPA suggested when a decision finally was made. Now noyb publishes documents they obtained, that show how the Irish DPA tried to get the other national DPA’s to accept a general guideline they worked out with Facebook in advance. It would allow Facebook to contractually do away with informed consent by adding boiler plate consent to their TOS. This has been the FB defense until now, that there’s a contract between user and FB, which makes consent unnecessary. I’ve seen this elsewhere w.r.t. to transparency and open data in the past as well, where government entities tried to prevent transparency contractually. Contractually circumventing and doing away with general legal requirements isn’t admissable however, yet that is precisely what the Irish DPA attempted to make possible here through a EU DPA Guideline.

Reading this, the noticeable lack of progress by the Irish DPA seems not to be because of limited resources (as has been an issue in other MS), but because it has been actively working to undermine the intent and impact of the GDPR itself. Their response to realising that adtech is not workable under the GDPR seems to be to sabotage the GDPR.

The Irish DPA failed to get other DPA’s to accept a contractual consent bypass, and that is the right and expected outcome. That leaves us with what this says about the Irish DPA, that they attempted it in the first place, to replace their role as regulator with that of lobbyist:

It renders the Irish DPA unfit for purpose.