How Ireland Missed Its Chance To Be The ‘Super Organizer’ Of Big Tech

Many of the largest US technology companies in Europe are headquartered in Dublin.

Artur Widak | Norfoto | Getty Images

Upcoming EU rules forcing big tech companies to monitor online content will be enforced more aggressively by the European Commission, a move experts say will diminish the role Ireland has played so far in overseeing the region’s digital giants.

Since 2018, Ireland’s Data Protection Commission has been the main privacy watchdog that oversees the likes of parent company Facebook Meta and Google under the European Union’s General Data Protection Regulation, which aims to give consumers more control over their data.

This is because many of the largest US tech companies, including Meta, Google and Microsoft, have chosen Dublin for their European headquarters, in large part due to Ireland’s favorable tax system.

But Ireland’s DPC has faced criticism over the years for being slow to conduct major privacy investigations, and for failing to impose many large fines.

“Ireland remains a severe obstacle to GDPR enforcement,” Paul Olivier Dehai, CEO of data protection-focused startup Hestia.ai told CNBC.

Ireland’s DPC said such criticisms are incomplete and lack context.

However, with the recently approved Digital Services Act, Ireland will not be at the center of the EU’s crackdown on big tech companies. Combined with Brussels’ new antitrust framework, the Digital Markets Act, the rules represent the most significant Internet policy reforms in the bloc’s history.

Expected to come into effect by 2024, the DSA will require large online platforms to quickly remove illegal material such as hate speech or child sexual abuse material, or risk billions of dollars in fines.

How did we get here?

The original text of the DSA Act was to give authorities in individual member states the ability to sanction the largest internet platforms based in those countries for violations, such as the General Data Protection Regulation (GDPR).

But EU members rejected it, worried it could lead to delays in enforcement. Ultimately, the European Commission – the EU’s executive arm – was given enforcement powers instead.

“We warned the government about this a year ago,” Johnny Ryan, senior fellow at the Irish Civil Liberties Council, told CNBC. “This has been clearly marked for a long time.”

Companies that violate the new rules face potential penalties of up to 6% of their global annual revenue. For a company like Meta, that could mean a fine of up to $7 billion. This is actually less than the maximum fines of 10% enforceable under the GDPR.

The problem is that imposing such exorbitant fines means the risk of facing costly appeals from tech companies. Critics, from EU officials to privacy activists, say the Irish DPC is ill-equipped to deal with such negative setbacks. According to the ICCL, the DPC has made judgments in only 2% of cases at the EU level since the GDPR came into force.

A DPC spokesperson said: “I would like to note that we recently published three separate reports, our annual report for 2021, a report on handling cross-border complaints under the GDPR, and an independent audit report conducted by internal auditors, all of which show that Irish DPC is performing It is clear regarding its application of the General Data Protection Regulation.”

So far, more than €1 billion in fines have been imposed since the GDPR came into force. The biggest came last year from Luxembourg’s data watchdog, which fined Amazon 746 million euros for breaching union rules. Ireland’s GDPR fine of 225 million euros against WhatsApp was the second largest. Both companies are appealing related decisions.

Ireland could have been the center of the world. It could have been the super regulator.

Johnny Ryan

Senior Fellow, Irish Civil Liberties Council

The Irish government insisted the country would “play a critical role” in implementing the DSA.

“The DSA provides a network of national authorities and the European Commission, which work together, share information and conduct joint investigations,” a spokesperson for the Ministry of Enterprise, Trade and Employment told CNBC.

The spokesperson added that while the Commission will act as the primary outlet for companies like Meta and Google in cases of “systemic” risk, Ireland and other EU countries “will be responsible for all other obligations in the DSA”.

‘breaking moment’

Owen Bennett, Mozilla’s senior director of public policy, said the development represented a “watershed moment” for Big Tech’s stewardship in the European Union.

“Ireland was for many years the de facto European regulator for almost all of the big tech companies,” Bennett told CNBC. “DSA creates a new precedent for centralizing Big Tech oversight in Brussels, rather than Dublin.”

“I would be surprised if this does not become a trend in the coming years, with the European Commission taking a more prominent role in enforcing rules against big tech companies,” he added.

The European Commission will also be the sole enforcer of the Digital Markets Law, which seeks to prevent so-called “internet vigilantes” from harming competition. Google is prohibited from giving preference to its services over those of a competing search engine, for example.

Under the DMA, companies can be fined up to 10% of their global annual turnover for breaking the rules. This may rise to as much as 20% for repeated violations.

“Ireland could have been the center of the world,” Ryan said. “It would have been the big regulator, the super enforcer — basically the decision-making center for these companies.”

“Unfortunately, that will not happen.”

The European Union has led the way in introducing new digital regulations, and now governments in the US, UK and elsewhere are racing to catch up.

In Washington, President Joe Biden’s administration has enlisted prominent critics from big tech companies to lead an antitrust crackdown on companies, while in Britain, Prime Minister Boris Johnson’s government is pushing through its own high-profile digital reforms.

Leave a Comment