The Irish Times view on the Data Protection Commission: the case for strong regulation

No other agency of the State carries the kind of responsibility the Data Protection Commission has in its role overseeing EU-wide activities of tech multinationals

With great power comes great responsibility, and when it comes to regulating Big Tech and transnational internet giants, that responsibility carries with it an obligation not just to enforce the rules but to make sure the enforcer is adequately funded to be able to do so.

No other agency of the State carries the kind of responsibility the Data Protection Commission has in its role overseeing EU-wide activities of tech multinationals. Helen Dixon's data privacy watchdog has a relatively new brief with remarkable powers to levy fines and an extraordinary reach as the regulator overseeing compliance with the sweeping EU rules introduced just four years ago under the powerful General Data Protection Regulation (GDPR) law.

On paper, the one-stop-shop mechanism within the regulation makes sense as a business-friendly measure. Rather than having to deal with multiple regulators across the EU, tech multinationals deal with a lead supervisor and, because tech giants such as Google and Meta/Facebook have their EU headquarters based in Dublin, EU regulatory responsibility falls at Dixon's door.

Much criticism, from data privacy campaigners to European politicians concerned at the growing power of Big Tech, has been levelled at the Irish regulator in recent years for not going far enough or fast enough in response to data breaches and other privacy concerns at the companies running their vast European operations from Ireland. Some criticism stems from a suggestion that a go-slow approach to regulation is driven by the Government's reliance on tech multinationals for jobs and taxes. In reality, the pace of regulation is set by the resources of the regulator and the need to follow a new set of highly complicated rules and procedures in the face of scrutiny from the tech giants and their teams of lawyers and, in some cases, complex court cases.


There are other challenges. EU Ombudsman Emily O'Reilly has opened an inquiry into how the European Commission has been monitoring the application of the GDPR rules in Ireland. Regardless of the outcome of that inquiry or the merits of the complaints about Dixon's office, the Government needs to reconsider the seriousness with which it approaches the regulations she has been tasked with enforcing. Resourcing an EU-wide regulator with €23 million a year and fewer than 200 staff does not go far enough.

Tánaiste Leo Varadkar has made much of Ireland being a "small island" but always "at the heart of Europe". If the Government is to be taken seriously in its responsibility to upholding EU regulations and the State's international reputation protected, it will need to consider strengthening an office that is responsible for protecting the data privacy of 450 million citizens.