Ireland has their own data protection act which largely mirrors the GDPR. I first have to wonder why. Why rewrite an EU regulation, if not to do something twisted? IIUC, Ireland is part of the EU thus automatically obligated to enforce the full GDPR as-is. (Unlike Great Britain, who left the union but decided voluntarily to keep the GDPR, so they had to mirror it and rewrite some parts that are irrelevant to an EU outsider). Or is Ireland somehow outside the EU too, yet with the Euro?
Art.18, the right to restriction of processing, has been expanded from a ½ page to several pages full of loopholes and exceptions watered down to the point of data subjects not really getting this right.
Art.21, the right to object, has been torn out completely (not mirrored at all), but there is a blurb about removing the right to object specifically giving policians an exemption on election matters, and postal service matters.
If they add a restriction on the right and say nothing more on it, then I suppose that implies the art.21 right is otherwise in force, correct? It’s bizarre because other GDPR sections have been redundantly rewritten to very similarly reflect the GDPR. So I’m trying to make sense of what it means when redundancy is in place sometimes and not others. And what happens when a redundant section of code has a silent omission with no language to explicitly state intent to dishonor the omitted part.
There are some peculiar omissions from the duty of data processors as well.
I have not read it completely but I did not notice any Irish law that strengthens data protection. I only see shenanigans that work against data subjects.
Is it fair to say that tech giants love Ireland and put their HQ there for tax purposes, where the EU’s version of Silicon Valley is expected to be established, which then effectively pressures Ireland to weaken the GDPR as much as possible to maintain that attraction?