Facebook urged government to spend more on data privacy regulator

Company was worried that big EU states would block Ireland from running one-stop shop on data protection

Facebook’s representation, dating back to Enda Kenny’s time as taoiseach, came as efforts were being made to overhaul data privacy laws across the EU. Photograph: Aidan Crawley/Bloomberg

Facebook’s representation, dating back to Enda Kenny’s time as taoiseach, came as efforts were being made to overhaul data privacy laws across the EU. Photograph: Aidan Crawley/Bloomberg

 

Facebook pressed the government to increase funding to the State’s data watchdog to push back at French, Spanish and German regulators opposed to making the agency the internet giant’s EU-wide supervisor.

The social media company’s representation, dating back more than six years to Enda Kenny’s time as taoiseach, came as efforts were being made to overhaul data privacy laws to protect internet users across the EU.

Previously undisclosed correspondence between Facebook and a government official shows the Silicon Valley company’s efforts to push the government to support its desire to be regulated by the Irish watchdog.

New EU rules introduced last year make the Irish Data Protection Commission the lead supervisory authority for social media companies such as Facebook because their EU operations are based here.

The State’s capacity to regulate big tech multinationals remains the subject of intense international scrutiny.

In 2012 the firm, like other big tech companies, wanted the rules – introduced last year under the General Data Protection Regulation – to include the one-stop shop principle, where companies would not have to deal with regulators in each of the 28 EU member states but could be monitored by a lead regulator in one state.

The principle was supported by Mr Kenny’s government but there was strong resistance from other EU data regulators, who were critical of the lack of State resources applied to the Data Protection Commissioner, then based in a small decentralised office above a Centra shop in Portarlington, Co Laois.

Question marks

In October 2012, Facebook public policy executive Simon Milner shared “helpful intel” with the government by email on discussions the company had with EU officials about the data privacy rules, which were then still only proposals.

Mr Milner informed one of Mr Kenny’s advisers at the Department of the Taoiseach, Paul O’Brien, in an email that EU officials had told Facebook that the German, Spanish and French data protection authorities were “questioning” the ability of the commissioner in Ireland “to properly scrutinise international companies”.

Those EU regulators were “arguing against the ‘one-stop shop mechanism principle in the [European] Commission’s proposals”.

The Facebook executive told Mr O’Brien he recalled him saying that Mr Kenny would be meeting the then Irish data protection commissioner Billy Hawkes “to discuss the work of the [commissioner]”.

“If the Government is able to announce that it is set to increase the resources of the [commissioner], that would be very helpful in pushing back against the rival DPAs’ arguments,” he wrote in the email on October 3rd, 2012, that was released to The Irish Times by the Department of the Taoiseach under the Freedom of Information Act.

Budget increase

In subsequent months the government announced an increase in the commissioner’s budget and resources, including a chief technology adviser, a legal adviser and additional administrative staff.

The Department of Justice released a statement at the end of March 2013 stating that then minister for justice Alan Shatter “underlined the government’s ongoing strong support for the Office of the Data Protection Commissioner”.

It said proposed EU rules and the one-stop shop mechanism covering multinationals such as Facebook with users in member states across the EU was “likely to have considerable implications for the Office of the Data Protection Commissioner in Ireland, including significant resourcing demands”.

Sources familiar with deliberations by State officials on the regulations at the time said the government was coming under intense pressure to beef up the commissioner’s resources in Ireland and had decided the regulator needed strengthening.

One source recalled the photograph of the commissioner’s office above the Portarlington shop being circulated among EU data protection regulators, damaging the State’s reputation and raising concerns among member states about the Irish regulator’s capacity to supervise international tech companies.

This led the government – independent of any representations by outside companies – to strengthen the Irish regulator in anticipation of the new responsibilities falling on it under the one-stop shop mechanism, sources said.

“It was rapidly becoming an area of increasing importance to the government, so they decided to make a significant investment [in the regulator]. That was going to happen regardless of any lobbying,” said one source.

Another former insider said Irish officials were keen to push back against claims from some EU states that the State was not willing to regulate big tech companies properly and that this was “part of a green-jersey agenda to go easy on tech companies” that were among the country’s biggest job creators.

This encouraged the government to invest more in the office, said the source. Since then, the office’s budget has increased from less than €2 million to €11.7 million in 2018 and from 26 staff to 137.