DUBLIN: Ireland’s new data protection watchdog expects to win the power to levy vast fines on some of the world’s biggest Internet firms under European privacy laws, despite opposition from some larger EU countries who want responsibilities shared more widely.
Helen Dixon took over late last year as Ireland’s data protection commissioner, becoming the lead regulator on privacy issues for Facebook, Apple and Yahoo! because they have declared Ireland as their main base in Europe.
Data protection rules have become a major issue for businesses and consumers concerned about the information Internet firms disclose to advertisers and security services.
As a result the EU has agreed to introduce fines of up to 5 percent of a firm’s global revenue for breaches of its proposed new unified data privacy law, which at current annual revenue levels could mean maximum potential fines of just over $100 million for LinkedIn and as much as $15 billion for Apple.
The role of lead regulators like Dixon as the sole arbiter under the new General Data Protection Regulation would be changed by a proposal that data protection authorities in other EU countries can intervene in cases where they claim to have an interest, potentially giving them a veto.
A counter-proposal to demand that any intervention is deemed “relevant and reasoned” would make the system less unwieldy, Dixon said.
And whatever the outcome, Dixon said she still expects to be left responsible for levying the new super fines for companies who declare their main European base to be in Ireland.
Her office does not currently have the power to levy fines.
“Would the lead authority propose the measure and, where it is an infringement, would they impose the level of fine? That is what it is likely to be,” she said.
The role of other EU member state regulators in influencing that decision and the ability of a new board of data regulators to overturn it remain under discussion, she said.
Dixon, who is moving part of her staff to Dublin from above a shop in a country town, also defended Ireland’s record as a regulator, saying it had more extensive powers of audit than many other jurisdictions.
Having already audited the data control policies of Facebook and LinkedIn she said she aims to now conduct similar audits for Apple, Yahoo! and Adobe but declined to say how long that would take.
One of her top priorities would be to counter accusations that Ireland has promoted itself as having a soft touch regulatory regime on privacy laws to attract multinationals, a claim she described as “spurious.”
“Some of these phrases have been bandied about and repeated: ‘soft regulator’, ‘forum shopping’.
“I don’t think it is going to be easy but I think over time the tide is going to turn,” she said.