Data Protection Commissioner Helen Dixon has said her office prefers to take an "engaged" approach to dealing with privacy issues that arise with multinational companies such as Facebook.
However, she insisted she would not rule out legal enforcement if this failed.
Ms Dixon said there were still “a significant number of issues” still in play between Facebook and her office in terms of it being satisfied that certain features of its products were fully in compliance with EU legislation, including some in relation to its latest privacy policy.
Her office was committed to trying to better explain how it engages with large multinationals such on privacy issues affecting consumers and on the recommendations arising from its audits.
The commissioner was speaking at a conference organised by the Irish Centre for European Law Trinity College Dublin (ICEL). Other speakers included Mr Justice Frank Clarke of the Supreme Court, barrister Paul Anthony McDermott and Microsoft's head of privacy in Europe, Marie Charlotte Rocques Bonnet.
Mr Justice Brian Cregan and Mrs Justice Fidelma Macken chaired the sessions.
The commissioner said if her office were to take legal action every time there was an issue with a policy or a product rolled out by one of the data-rich multinationals that it would “get nothing else done”.
Several European data protection authorities in Europe, including Belgium and the Netherlands have launched legal actions against Facebook over privacy issues. Belgium has accused the company of "trampling" over its own and European privacy laws. The company has over 1.4 billion users and its legal base for data protection purposes in Europe is Ireland.
The commissioner said two audits by her office in 2011 and 2012 had been “groundbreaking” in terms of driving it towards compliance and had led to changes in how Facebook’s users were able to protect their privacy settings.
In the meantime, many more issues had been the subject of recommendations from the office and had been implemented and fully resolved by Facebook.
“Had we approached all of those issues with legal proceedings we would get nothing else done and much of the effort would also seem to have been unnecessary as Facebook was willing to make rectifications. Equally if we maintained a permanently adversarial approach with Facebook, I think they would be less inclined to run new services offers and concepts by us and we would be permanently chasing from behind,” she said.
Ms Dixon said she wondered in an area of law where there were “fewer hard cases and fewer hard laws to follow whether an emphasis on the hard enforcement approach always works best”.
“I would emphasise the application of an engaged approach, versus regulating from behind a wall. The Irish authority very much backs an engaged approach to regulation. It considers itself to have evidence of its effectiveness.”
Ms Dixon said she was not criticising her fellow regulators because they had a duty of confidentiality under EU law, but there had been no information from them, with the exception of Belgium, about what precisely they were investigating in relation to Facebook.
All of the authorities were after the same goal of better compliance, but she did not think the legal actions were a “fast enough life cycle” for the kinds of issues that might arise.
On whether more could have been done by regulators earlier, Ms Dixon said that if there were “ criticisms to be made and lessons to be learnt, I think EU regulators as a co-operative grouping must share responsibility”.