Irish Times view of €450,000 Twitter fine: One-stop shop system under pressure

Indications emerging of route to broader regulation and oversight of technology industry in EU

 

A week of important announcements has offered tentative signposts on the road ahead to broader regulation and oversight of the technology industry in the EU. On Tuesday, the Irish Data Protection Commission (DPC) announced its first formal decision against a major technology firm under the 2018 General Data Protection Regulation (GDPR).

Under the latter’s one-stop shop approach, complaints go to the regulator in the EU state where a company has its EU headquarters. Grievances with almost every large multinational technology company will thus end up with the Irish DPC.

So this verdict was long-awaited. GDPR decisions on behalf of the EU’s 500-million-strong market will influence and affect how the tech giants operate globally. In this first decision, against social media platform Twitter, a fine of €450,000 for a GDPR breach may have elicited a sigh of relief from tech firms, but was quickly criticised internationally as too lenient and slow.

In this case, Twitter could have been fined up to €60 million and fellow EU regulators were unhappy with the DPC’s initial draft decision. It then went to an adjudicating EU mechanism, but still resulted in a modest fine.

The DPC defended the fine as “effective, proportionate and dissuasive”, though DPC Helen Dixon acknowledged to the Wall Street Journal that to protect against legal challenges, the overall process had taken “too long”. The European Commission’s principal adviser on justice policy, Paul Nemitz, however, told the paper: “It is important that the lead authority for Google and other tech companies enforce GDPR properly to preserve the functioning of the one-stop shop.”

Yet perhaps that function needs to be reconsidered, given the burden of regulating the world’s most powerful, well-financed companies out of one of Europe’s smallest states. A broader European regulatory approach might work better.

Draft proposals this week for two significant pieces of EU regulatory legislation, the Digital Services Act and the Digital Markets Act, suggest that companies be tiered into regulatory levels depending on their power, scope and market capitalisation. The higher the tier, the more responsibility and liability a company would carry, with punishments adjusted accordingly.

Oversight would be maintained at a pan-EU level, not delegated to national regulators. These important acts are intended to interlock with protections in the GDPR and the ePrivacy Directive to ensure adequate protections and market supervision.

Much remains to be determined in the final format of the Acts. And GDPR enforcement is still in its infancy. But this week’s announcements hint that greater regulatory power and harmony might be achieved if GDPR reconsidered the one-stop shop mechanism.
