Many of America’s largest technology companies have European headquarters in Dublin.
Arthur Vidak Nurfoto | Getty Images
Incoming EU rules, forcing big technologies to control Internet content more aggressively, will be enforced directly by the European Commission, a move that experts say will reduce Ireland’s role in overseeing the region’s digital giants.
Since 2018, the Irish Data Protection Commission has been the main privacy body overseeing Facebook-like parent company Meta and Google under the European Union’s General Data Protection Regulation, which aims to give consumers more privacy. great control over their data.
This is because many of the largest US technology companies, including Meta, Google and Microsoft, have chosen Dublin as their European headquarters, due in large part to Ireland’s favorable tax regime.
But the Irish DPC has faced criticism over the years for slowly conducting large-scale confidentiality investigations and not imposing very significant fines.
“Ireland remains a major obstacle to the implementation of the GDPR,” Paul-Olivier Dehai, founder of Personal Data, a Swiss non-profit organization focused on Internet privacy, told CNBC.
For its part, the Irish DPC said such criticisms were incomplete and had no context.
However, with the recently approved Digital Services Act, Ireland will no longer be at the center of EU pressure on high technology. Along with Brussels’ new antitrust framework, the Digital Markets Act, the rules represent the most significant Internet policy reforms in the bloc’s history.
The DSA, which is expected to take effect by 2024, will require large online platforms to quickly remove illegal material, such as hate speech or child sexual abuse material, or risk fines of several billion dollars.
The original text of the DSA would give the authorities in individual Member States the opportunity to punish the largest online platforms based in those countries for infringements.
But EU members have rejected it, worried it could lead to delays in implementation. Eventually, the European Commission – the EU’s executive – was given implementing powers.
“We warned the government about this a year ago,” Johnny Ryan, a senior fellow at the Irish Civil Liberties Council, told CNBC. “It’s been clearly marked for a long time.”
Companies that break the new rules face potential sanctions of up to 6% of their global annual revenue. For a company like Meta, that could mean a fine of up to $ 7 billion. This is in fact lower than the maximum 10% of fines applicable under the GDPR.
The problem is that imposing such huge fines means taking the risk of costly appeals from technology companies. Critics, from EU officials Defenders of Privacy say Ireland’s DPC is not well prepared to deal with such a backlash. According to the ICCL, the DPC has ruled in only 2% of cases across the EU since the entry into force of the GDPR.
A DPC spokesman said: “I would like to note that we have recently published three separate reports, namely our annual report for 2021, a report on the processing of cross-border complaints under the GDPR and an independent audit report carried out by our internal auditors, all of which demonstrate that the Irish DPC is clearly achieving results in the implementation of the GDPR. “
So far, more than 1 billion euros have been sanctioned since the entry into force of the GDPR. The biggest was last year by the Luxembourg Data Observatory, which fined Amazon 746 million euros for violating the bloc’s rules.
Ireland’s fine of 225 million GDPR against WhatsApp was the second largest. Both companies are appealing the respective decisions.
The Irish government has insisted that the country will “play a crucial role” in implementing the DSA.
“The DSA envisages a network of national authorities and the European Commission to cooperate, exchange information and conduct joint investigations,” a spokesman for the Ministry of Enterprise, Trade and Employment told CNBC.
While the Commission will act as the main executive for “system” companies such as Meta and Google, which have millions of users across the bloc, Ireland and other EU countries “will be responsible for all other obligations in the DSA”, the spokesman added.
Owen Bennett, senior public policy manager at Mozilla, said the development was a “turning point” for the surveillance of major technologies in the EU.
“Ireland has been the de facto European regulator for almost all major technology companies for many years,” Bennett told CNBC. “The DSA is setting a new precedent for centralizing the surveillance of high technology in Brussels, not Dublin.”
“I would be surprised if this does not become a trend in the coming years, with the European Commission taking a more important role in enforcing rules against high technology.”
The European Commission will also be the sole contractor for Digital Markets Act, which aims to prevent the so-called “gatekeepers” from harming the competition. Google will be prohibited from giving preference to its services over those of a competing search engine, for example.
According to the DMA, companies can be fined up to 10% of their global annual turnover for violating the rules. This can increase up to 20% for multiple violations.
“Ireland could be the center of the world,” Ryan said. “This could be the super regulator, the super contractor – mainly the decision-making center for these companies.
– Unfortunately, this will not happen.
The EU has taken the lead in introducing new digital regulations, and governments in the United States, the United Kingdom and elsewhere are now vying to catch up.
In Washington, President Joe Biden’s administration has attracted prominent critics of high technology to lead antitrust crackdowns on companies, while in Britain, Prime Minister Boris Johnson’s government is pushing for its own remarkable digital reforms.