Many of the largest US technology companies have their European headquarters in Dublin.
Arturo Widak | Nurphoto | Getty Images
New EU rules forcing Big Tech to control internet content more aggressively will be enforced directly by the European Commission, a move that experts say will diminish the role Ireland has played so far in overseeing digital giants in the region. .
Since 2018, the Irish Data Protection Commission has been the primary privacy guarantor overseeing the likes of Facebook’s parent company Meta and Google under the European Union’s General Data Protection Regulation, which aims to give consumers greater control over your data.
This is because many of the largest US tech companies, including Meta, Google and Microsoft, have chosen Dublin as their European headquarters, largely due to Ireland’s favorable tax regime.
But the Irish DPC has been criticized over the years for being slow in carrying out major privacy investigations and for failing to inflict many substantial fines.
“Ireland remains a major obstacle to GDPR enforcement,” Paul-Olivier Dehaye, founder of Personal Data, a Swiss non-profit focused on online privacy, told CNBC.
For its part, the Irish DPC stated that these criticisms are incomplete and lacking in context.
However, with the recently passed Digital Services Act, Ireland will no longer be at the center of the EU crackdown on Big Tech. Alongside Brussels’ new antitrust framework, the Digital Markets Act, the rules represent the most significant reforms to internet policy in the history of the bloc.
The DSA, which is expected to go into effect by 2024, will require large online platforms to quickly remove illegal material such as hate speech or child pornography, or risk multibillion-dollar fines.
How did we get here?
The original text of the DSA would have given the authorities of individual Member States the possibility of sanctioning the largest online platforms based in those countries for violations.
But EU members held out, worried it might lead to implementation delays. Eventually, the European Commission, the EU’s executive arm, was given executive powers.
“We notified the government about this a year ago,” Johnny Ryan, a senior member of the Irish Council for Civil Liberties, told CNBC. “This has been clearly reported for some time.”
Companies that violate the new rules face penalties of up to 6% of their global annual turnover. For a company like Meta, this could mean a fine of up to $ 7 billion. It is actually less than the maximum fine of 10% applicable under the GDPR.
The problem is that imposing such hefty fines means running the risk of facing costly appeals from tech companies. Critics, from EU officials to privacy activists, say the Irish DPC is not equipped to deal with this backlash. According to the ICCL, the DPC has only issued judgments in 2% of cases at EU level since the entry into force of the GDPR.
A spokesperson for the DPC said: “I would like to point out that we have recently published three separate reports, namely our annual report for 2021, a report on the handling of cross-border complaints under the GDPR and an independent audit report conducted by our auditors. internal, which all demonstrate that the Irish DPC is clearly delivering in terms of GDPR enforcement. “
More than € 1 billion in penalties have been inflicted since the entry into force of the GDPR. The biggest came last year from the Luxembourg data watchdog, which fined Amazon 746 million euros for violating the rules of the blockade.
Ireland’s GDPR 225 million fine against WhatsApp was the second largest. Both companies challenge their respective decisions.
The Irish government has insisted that the country “will play a crucial role” in the implementation of the DSA.
“The DSA provides a network of national authorities and the European Commission, which cooperate, exchange information and conduct joint investigations,” a spokesperson for the Department of Business, Commerce and Employment told CNBC.
While the Commission will act as the main guarantor for “systemic” companies like Meta and Google, which have millions of users across the bloc, Ireland and other EU countries “will be responsible for all other obligations in the DSA”, the spokesperson added.
Owen Bennett, Mozilla’s senior public policy manager, said the development represented a “watershed moment” for oversight of Big Tech in the EU.
“Ireland has been the de facto European regulator for nearly every major tech company for many years,” Bennett told CNBC. “The DSA creates a new precedent for centralizing Big Tech oversight in Brussels rather than Dublin.”
“I would be surprised if this didn’t become a trend in the years to come, with the European Commission taking a bigger role in enforcing the rules against Big Tech.”
The European Commission will also be the sole enforcer of the Digital Markets Act, which seeks to prevent the Internet’s so-called “gatekeepers” from harming the competition. Google would be prohibited from giving preference to its own services over those of a rival search engine, for example.
Under the DMA, companies could be fined up to 10% of their global annual turnover for breaking the rules. This can go up to 20% for repeated violations.
“Ireland could have been the center of the world,” said Ryan. “He could be the super regulator, the super guardian, basically the center of decision making for these companies.”
“Unfortunately it won’t happen.”
The EU has pioneered the introduction of new digital regulations and now governments in the US, UK and elsewhere are racing to catch up.
In Washington, President Joe Biden’s administration has harnessed prominent Big Tech critics to spearhead an antitrust crackdown on companies, while in Britain, Prime Minister Boris Johnson’s government is pushing through major digital reforms.