ICCL says amendment could ‘gag’ critics of DPC and Big Tech

27 Jun 2023

Data Protection Commissioner Helen Dixon. Image: Connor McKenna

An amendment to be debated by Irish lawmakers tomorrow would criminalise revealing information from DPC investigations that is deemed to be confidential.

Civil liberties activists have raised serious concerns over an amendment to a law that they believe will “muzzle” critics of the Irish Data Protection Commission (DPC).

The Irish Council for Civil Liberties (ICCL) issued a statement yesterday (26 June) claiming that a “last-minute” amendment to the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 will “gag” people from speaking about how the DPC handles their complaints as well as about how Big Tech firms and public bodies are misusing their data.

Essentially, the amendment allows the DPC to deem certain information in its rulings to be confidential. According to its provisions, any failure to comply with said confidentiality may result in a €5,000 fine – making it harder for journalists to report on Ireland’s GDPR supervision.

The amendment, which will be up for debate in the Dáil tomorrow (28 June), also includes the protection of information that is not “commercially sensitive”, the ICCL claims.

“Justice should be done in public. The DPC should be holding public GDPR hearings … Instead, the Government is attempting to make DPC decision making even more opaque,” said Dr Johnny Ryan, a senior fellow at the ICCL. “The DPC is already exempted from freedom of information rules that could have aided in its reform.”

Ryan argues that Ireland’s enforcement of the GDPR against Big Tech, and how it upholds the data rights of everyone in Europe, should not be the subject of “eleventh-hour amendments inserted during the end-of-term legislative rush”.

“We ask the Government why it wants to do this? And why has it attempted to do so in a last-minute amendment that evades proper scrutiny?”

Because Ireland hosts so many of the European headquarters of Big Tech firms, including Google, Meta, Apple, Microsoft and TikTok, the Irish DPC is responsible for most of the investigations into complaints against them.

And while the DPC said in March it had issued fines of more than €1bn in 2022, it has often been criticised for being too lenient on Big Tech companies.

In a speech to the European Parliament last month, data protection commissioner Helen Dixon said the criticisms of the Irish regulatory body were “misplaced” as she faces EU pressure about ongoing investigations.

European privacy campaigner Max Schrems also weighed in on the issue, accusing the Irish DPC of trying to “criminalise” legitimate criticism instead of reacting to it.

“The proposed law in Ireland makes it criminal to share any information on a procedure. This shows that they fear the public and reporters more than anything. The law would, however, allow the DPC to selectively share information when it sees fit,” he said.

“It is mind blowing that this would happen in a European country.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic