:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/42BKNI5DKIIAAYIL4FXDPRISS4.jpg)
Anyone who calls Brexit a never-ending story has clearly not been following Max Schrems v Facebook.
Since the Austrian privacy campaigner filed his complaint in June 2013 with Ireland’s Data Protection Commission (DPC), the commission has suggested, in succession, that there was no case for it to investigate; that the case was beyond its legal remit; and that it would investigate but couldn’t because of legal uncertainty. Twice, Europe’s highest court has dismissed its arguments and effectively told it to get the finger out. And still it dragged on, with a new case now in front of the Irish courts.
After 2,759 days of not deciding, the DPC promised Schrems on Wednesday it would open an investigation and issue a “swift” decision on his complaint.
It appears that the only thing the DPC has been sure of so far in this case has been its determination not to decide. So much so that, in several rounds, even the opposing Schrems and Facebook camps argued that the DPC and its lawyers were, at best, treading water.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/OCIIIFV44FP4OHNBXTOM6KGMXQ.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/ETNRJ67YC43NRT4RDVRNSTTTDE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/KLWN6TZFCVNMQBMTZRYPAAIYAU.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/EO3WHS265MYBNVP3WK7UKMP7HA.jpg)
In the legal world in particular, time is money. One informed source has estimated that the total cost to the DPC will be about €6 million. In 2019, Facebook earned that in 45 minutes. But €6 million is one-third of the DPC’s annual – publicly funded – budget, which the regulator insists is too small to police big tech effectively.
Assuming that this new light at the end of the tunnel is not another false dawn, the DPC knows its decision on the Schrems/Facebook case will have major economic and political consequences. Whenever it does make a ruling, the DPC in turn faces questions on whether its seven-year legal strategy to date was a prudent use of taxpayers’ money. Which in turn poses another question: who is regulating the regulator?
The Schrems case is complicated, but also simple: where there’s a will there’s a way. After luring the world’s tech giants to our shores, is Ireland Inc really interested in regulating them, too, in a way that balances their commercial interests with EU citizens’ privacy rights – and doesn’t take nearly eight years to do so?
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/sandbox.irishtimes/GW3FWAURWFGM7FF4RMYJLBG7ZI.png)