Schrems letter turns up heat on Data Protection Commissioner

There is a pressing need for the regulator to act quickly and effectively to dispel criticism

Max Schrems is Austrian lawyer and data privacy activist. File photograph: Getty
Max Schrems is Austrian lawyer and data privacy activist. File photograph: Getty

The Data Protection Commissioner (DPC) has, for many years now, fought a rearguard action on charges that it is slow and toothless when it comes to big tech.

Sometimes, this criticism is implicitly shot through with the suggestion that Ireland’s FDI-focused industrial policy makes it an unsuitable regulator of these firms: sometimes, niceties are dispensed with, and it’s just done explicitly.

Therefore, the release of significant volumes of material relating to an ongoing investigation, spiked with the charge of "secret co-operation" with Facebook, will be most unwelcome.

That it emanates from Max Schrems, one of the most effective and tenacious antagonists of big tech, and indeed its regulators, will be doubly vexing for Ireland's watchdog.

READ MORE

Mr Schrems has questioned why extensive consultations on some aspects of data processing took place between the DPC and Facebook in the run up to tough new data protection rules being implemented – rules that Ireland’s watchdog is responsible for enforcing.

Investigations

He also raised criticisms of how long the DPC’s investigations take, and the manner in which it conducts them.

While illuminating, the privacy activist’s open letter is not a smoking gun. One man’s secret meeting, rendered less racily, is another’s regulatory consultation.

When it comes to speedy decision making, the pressure for results must be balanced against the cost of making an error; the companies regulated by the DPC are extraordinarily well resourced and will pursue any slip-ups.

Nonetheless, the letter will increase pressure on the DPC to regulate – and be seen to regulate – effectively. Doing so is of vital importance for Ireland, and for the European citizens it regulates on behalf of. Facebook is among the globe's most effective extractors of sensitive data from people – it uses this data for its own ends, and for those of advertisers and shareholders.

Confidence in the DPC, and in the rules it enforces, will turn on the effective and visible regulation of companies like Facebook in a way that clarifies how these businesses operate, and the basis on which they do so.

The best way it can dispel these criticisms is to act quickly and effectively on the interests of those for whom it acts.