As the world celebrates International Data Protection Day (which takes place today), Ireland still faces some major challenges over the coming year. Here are five issues facing the regulator, the government and ordinary Irish citizens.
In December, the Irish Data Protection Commissioner (DPC) fined Twitter € 450,000 in their office’s first GDPR fine a big tech company. The actual violation was a mistake that made some « private » tweets public, compounded by the failure to notify the Irish office within 72 hours.
Even so, it seemed a minor matter to many, even to them a relatively small tech platform like Twitter; GDPR law allows up to 4 percent of a company’s annual revenue to be fined, and $ 450,000 is just 0.2 percent of Twitter’s revenue of $ 2.7 billion.
2021 is expected to have more fines against the large technology companies located here. There are currently around 20 investigations against the tech titans.
We know that Facebook has earmarked € 302 million in potential fines in Europe, mainly resulting from investigations by Helen Dixon’s office. There are over 10 investigations into Facebook and its constituent parts Instagram and WhatsApp.
The Irish regulator says their goal is not just to impose heavy fines, but to change behavior. Still, the numbers are usually important indicators.
In 2019, the US fined Facebook $ 5 billion for violating the rules. This type of figure catches everyone’s attention. And it is not overlooked in the rest of the EU, which often complains about a perceived ease in enforcing regulations here. (Germans wanted Helen Dixon to fine Twitter up to 22 million euros instead of the 450,000 euros it hit.) They want the Irish regulator to put more money into their fines this year.So if Facebook is right and pays the Irish regulator around € 300m in fines, is that generally considered satisfactory for other European data protection authorities or for strong critics of online tech companies in general? It seems unlikely.
If you own your home in an urban area, you’ve probably seen tiny camera-like buttons on some of your neighbors’ doors.
In recent years, wifi-enabled video doorbells have become very popular in Ireland. The biggest brand is Ring (owned by Amazon). Devices from Google (Nest Hello), Arlo and Logitech are also on the market.
They do broadly the same thing: video the person at the door and let them speak to them live on your smartphone. </ They are pretty effective security devices. However, they are now being used en masse as de facto CCTV cameras. It is normal for a Lake Garda to call and ask if you would like to see your Amazon Ring footage on foot of a disruption or complaint.
This is about the scale at which entire neighborhoods are now being converted into video zones.
« The Data Protection Commission (DPC) receives a large number of complaints from individuals about the operation of video surveillance in a home setting, usually on neighboring properties, » the Irish Data Protection Agency said earlier this month.
“If you’re a householder who has a CCTV system in place and your CCTV system works to capture images (and sounds) of people outside of your property – in their homes, gardens, or on public sidewalks or streets – you cannot take advantage of the budget exemption and must fully comply with data protection obligations. “
For some households with large gardens or driveways, this is not a problem – the visible range of the video doorbell can only be 10 to 20 meters. For others in row houses or houses that effectively open up to a public footpath, this is a major challenge for the privacy of everyone else in the area.
It also involves some technical legal obligations, such as the signage that passers-by on yours Camera alert, as well as a right for people who are recorded to contact you and ask for the deletion of the footage.
If the pandemic subsides at some point and the offices are reopened, it is possible video doorbell purchases increase as people leave their homes to go back to work.
The EU and US disagree on the acceptable level of security monitoring of citizen data. Americans believe that it is « proportionate » to monitor bulk accounts for security reasons, while the EU believes it violates fundamental human rights.
For about six years we have been able to postpone and falsify the problem. Then, last summer, the European Court of Justice overturned the « Privacy Shield » agreement between the EU and the US and declared that the US is treating the privacy of EU citizens in an unacceptable manner.
As a result, the European data supervisory authorities now had to start To stop data transfers that are based on existing legal mechanisms such as « standard contractual clauses ». Panic stations ensued when the Irish DPC ordered Facebook to stop its transatlantic flow of data.
And now this case is before the Irish High Court, where Facebook (and most corporate lobby groups) argue that the future of transatlantic trade is at stake could stand.
But at the root this is not a problem coming from the Irish regulator or Facebook. There is a fundamental, insoluble difference of opinion between two large federal states about the priority of security over privacy.
Neither of the two seems to be withdrawing: Will the newly elected President Biden stop the general security monitoring of Europeans’ data on services like Facebook approve?
That also seems unlikely. The answer seems to be more fiddly for the foreseeable future: some kind of new certification system that claims to serve both interests until it is challenged and repressed by the ECJ.
« Everyone thinks privacy is a simple and obvious absolute good, until a million Nazis join their platform and see their first child abuse report, « says Benedict Evans, Venture Partner at Mosaic Ventures and former partner at Andreessen Horowitz.
Mr. Evans spoke about the migration of tens of millions of WhatsApp users to Signal, after Facebook announced earlier this month that it would soon make more WhatsApp user data available to Facebook for advertising purposes.
Even if this does not apply within the EU and although it is probably the only way for WhatsApp to make money, it has nevertheless triggered an outcry. The result is roughly 20 million WhatsApp users migrating to Signal.
Everyone thinks privacy is a simple and obvious absolute good until a million Nazis join their platform.
The reason Signal is so strong What has benefited is that it is seen as a « purer » encrypted privacy app that monitors metadata or account details even less, let alone content. But problems are already brewing. The signal is increasingly being enhanced with features designed to make it completely private for large groups to use.
This makes it more attractive for even more WhatsApp users to migrate, but also makes it a safer haven for hate groups and those who who want to share illegal content.
« I read people from a new high profile messaging app [Signal] who are talking about privacy as an absolute value and inciting violent racists. Pick one, » said Benedict Evans.
In Ireland the tension between privacy and security still exists. Last year, Area Commissioner Drew Harris told me he would prefer a backdoor into encrypted apps (like WhatsApp, Signal or iMessage) to fight crime.
During the exchange of Images about child abuse – in particular – mean that we are re-examining our commitment to absolute data protection in communication, still exists There is a weak consensus that it is worth sticking to privacy for greater benefit. This is one reason Ireland’s new Online Safety Commissioner will not be given powers to inspect or enforce messaging or storage apps that use encryption even if images of child abuse are at stake.
Is it Ireland serious about being Europe’s data regulator or not? The annual budget for the Irish Data Protection Supervisor is just over EUR 20 million. This is an infinitesimal fraction of the budgets of the companies whose legal problems the Irish bureau is trying to address.
While conspiracy theories about Ireland deliberately underfunding its regulator to make it easier for big tech firms to run may seem excessive, those who do argue a point about the amount of funds allocated. It already appears to be having an impact on the stance of other EU countries on Ireland’s enforcement record, which is often most critical when it comes to making decisions on large cross-border cases.
Earlier this month, the influential European Advocate General said Court said Ireland’s position as a ‘one stop shop’ regulator for the largest tech companies may not continue as a guiding rule due to its Irish location
If the Court follows its advice, it may mean Facebook, Google and the rest Take action by local regulators in a number of EU countries, as opposed to just one in Dublin. . . .
An INM website