How Ireland has lost the chance to become Big Tech’s “super regulator”

Many of the largest US technology companies have their European headquarters in Dublin.

Arthur Widak | Nurphoto | Getty Images

New EU rules forcing Big Tech to control internet content more aggressively will be enforced directly by the European Commission, a move that experts say will diminish the role Ireland has played so far in overseeing digital giants in the region. .

Since 2018, the Irish Data Protection Commission has been the primary privacy guarantor overseeing companies of the caliber of Facebook’s parent company. A half Other Google under the European Union General data protection regulationwhich aims to give consumers more control over their data.

This is because many of the largest US tech companies, including Meta, Google, and Microsoftthey chose Dublin as their European headquarters, thanks in large part to the Irish one favorable tax regime.

But the Irish DPC has he faced criticism over the years for being slow to carry out major privacy investigations and failing to inflict many substantial fines.

“Ireland remains a major obstacle to GDPR enforcement,” Paul-Olivier Dehaye, founder of Personal Data, a Swiss non-profit focused on online privacy, told CNBC.

For its part, the Irish DPC stated that these criticisms are incomplete and lacking in context.

Yet, with the recently passed digital services law, Ireland will no longer be at the center of the EU crackdown on Big Tech. Alongside the new antitrust framework in Brussels, the Law on digital marketsthe rules represent the most significant reforms of Internet politics in the history of the bloc.

The DSA, which is expected to go into effect by 2024, will require large online platforms to quickly remove illegal material such as hate speech or child pornography, or risk multibillion-dollar fines.

How did we get here?

The original text of the DSA would have given the authorities of individual countries the ability to sanction large online platforms for violations.

EU Member States rejected this issue, worried that it could lead to delays in enforcement. And finally, the European Commission, the executive arm of the EU, was given executive powers.

“We notified the government about this a year ago,” Johnny Ryan, a senior member of the Irish Council for Civil Liberties, told CNBC. “This has clearly been signed for quite a while.”

Companies that violate the new rules face penalties of up to 6% of their global annual turnover. For a company like Meta, this could mean a fine of up to $ 7 billion. It is actually less than the maximum fine of 10% applicable under the GDPR.

The problem is that imposing such hefty fines means running the risk of facing costly appeals from tech companies. Critic, from EU officials to privacy activists, they say the Irish DPC is not equipped to deal with this backlash.

A spokesperson for the DPC said: “I would like to point out that we have recently published three separate reports, namely our annual report for 2021, a report on the handling of cross-border complaints under the GDPR and an independent audit report conducted by our auditors. internal, which all demonstrate that the Irish DPC is clearly delivering in terms of GDPR enforcement. “

More than € 1 billion in penalties have been inflicted since the entry into force of the GDPR. The biggest came from last year Luxembourg data watchdogthat he found Amazon 746 million euros for violating the blockade rules.

Ireland could have been the center of the world. It may have been the super regulator.

Johnny Ryan

Senior Fellow, Irish Civil Liberties Council

of Ireland 225 million in GDPR fine against WhatsApp it was the second largest. Both companies challenge their respective decisions.

According to the ICCL, the DPC has only issued judgments in 2% of cases at EU level since the entry into force of the GDPR.

The Irish government has insisted that the country “will play a crucial role” in the implementation of the DSA.

“The DSA provides a network of national authorities and the European Commission, which cooperate, exchange information and conduct joint investigations,” a spokesperson for the Department of Business, Commerce and Employment told CNBC.

‘watershed moment’

Owen Bennett, Mozilla’s senior public policy manager, said the development represented a “watershed moment” for oversight of Big Tech in the EU.

“Ireland has been the de facto European regulator for nearly every major tech company for many years,” Bennett told CNBC. “The DSA creates a new precedent for centralizing Big Tech oversight in Brussels rather than Dublin.”

“I would be surprised if this didn’t become a trend in the years to come, with the European Commission taking a bigger role in enforcing the rules against Big Tech.”

The European Commission also wants to be the sole executor of the Law on digital markets, which seeks to prevent the Internet’s so-called “gatekeepers” from harming the competition. Google would be prohibited from giving preference to its own services over those of a rival search engine, for example.

Under the DMA, companies could be fined up to 10% of their global annual turnover for breaking the rules. This can go up to 20% for repeated violations.

“Ireland could have been the center of the world,” said Ryan. “He could be the super regulator, the super guardian, basically the center of decision making for these companies.”

“Unfortunately it won’t happen.”

The EU has pioneered the introduction of new digital regulations and now governments in the US, UK and elsewhere are racing to catch up.

In Washington, President Joe Biden’s administration has tapped prominent Big Tech critics to lead an antitrust crackdown on companies, while in Britain the government of Prime Minister Boris Johnson is carrying out major digital reforms by itself.