I have a letter to the Editor in yesterday’s Irish Times (with a few added links):
Sir, – Eoin Drea‘s article on Ireland’s EU presidency provides many examples of “an Ireland that is totally directionless on EU affairs”. At least two are baseless.
First, he argues that Brussels sees Ireland as doubling down on its own self-serving agenda – with the appointment of Niamh Sweeney as data protection commissioner just the most recent example.
He describes her as “a former senior Meta lobbyist”, as if that connection is sufficient, of itself, to disqualify her from the role. On the contrary, it is entirely appropriate that there is a wide range of experiences across all three members of the Data Protection Commission (DPC). Her understanding of the technology sector will be invaluable to the commission’s work.
Moreover, whilst her appointment was formally made by the Government, it was done on the recommendation of the Public Appointments Service. Their role is to provide an open and transparent recruitment process to identify on merit top-quality candidates for public sector roles.
They will have probed in their interview with Ms Sweeney the extent to which she can be impartial and independent of an employer she left four years ago. They must not have had concerns in this regard; instead, in their independent view, Ms Sweeney was the best person in the process to recommend for appointment to the DPC.
By all means, criticise her for the decisions she makes as commissioner; but do not assume what they will be.
Second, Drea widens his focus, to criticise Ireland’s “incestuous relationship with US technology companies – a relationship frequently seen as prioritising US interests over the application of EU rules”.
This criticism is often levelled, in particular, at the DPC’s application of the EU’s General Data Protection Regulation (GDPR). It is casually made, and hard to rebut, but it is entirely misplaced.
In the application of EU rules, one metric of enforcement is fines. Since the GDPR came into effect on May 25th, 2018, the DPC has levied fines in the order of €3.8 billion. Of this, the DPC has fined Meta more than €2.6 billion – real money, even to Mark Zuckerberg. Indeed, the DPC’s most recent fine on Meta was €1.2 billion, the highest fine ever in the EU for a breach of the GDPR.
Moreover, since 2018, the Government has fundamentally increased its support for the DPC, and the office and its budget have grown almost tenfold. More could be done, but this is far, far more than the bare minimum.
Nevertheless, emphasising its independence, the DPC does not shy away from enforcement against government departments and public bodies.
The prioritisation of US interests is often presented as soft-touch regulation by the DPC of US technology companies, but the level of fines belies that criticism.
Similarly, the DPC is often faulted for its considerable engagement with that sector.
But the GDPR encourages both consultation to head off problems, and amicable resolution of disputes. The alternative is court action. Engagement is a much more efficient use of the DPC’s resources than the costs of litigation.
Of course, there is room for improvement. But this is true everywhere, and not unique to the DPC. Far from deriding the DPC, we should celebrate it as one of our European success stories, and welcome Ms Sweeney as one of its commissioners. – Yours, etc,
EOIN O’DELL,
Dublin 14.