Tech giants like Facebook and Google have long abused their power to buy, sell, and profit off their customer’s personal information. Last year, the European Union (EU) took the reigns on protecting data privacy by implementing the General Data Protection Regulation (GDPR). However, after a year of going into effect and with more than 1,928 filed complaints, it’s apparent that the GDPR has a big loophole: Ireland, the lead regulator, has yet to impose sanctions against any big tech company. Could it be that the country’s cozy relationships with top Silicon Valley firms hinders its ability to enforce the strict data protection laws? Have they made it about their economy and forgot about the people these laws are meant to protect?
General Data Protection Regulation
GDPR aims to reshape the way in which data is handled across every sector, from healthcare to banking and beyond. It applies not only to companies and individuals within the EU, but to anyone doing business with those countries, regardless of location, including the United States and China. A failure to comply with these statutes will result in a fine of up to 4% of the annual global turnover or 20 million euros. No light slap on the wrist, if you ask me. In the case a breach does occur, organizations have 3 days to inform authorities and the data subject of said incident. If not, they will be fined 2%. Ask Google and Facebook about those fines.
Ireland- The Regulator
After years of back and forth disputes with data companies, security experts and regulators were eager to implement the GDPR. The lead regulator would be in a country where tech corporations had their data controller. In many instances, this was Ireland. The data controller is the entity that decides the purpose, conditions and means of the processing of personal data. Do you think this is a conflict of interest……. hummmmm.
Several academics and data professionals have been suspicious of Ireland’s commitment to cracking down on companies who violate the terms of the GDPR. Especially since the companies in question top Ireland’s biggest contributors to their economy.
Ireland’s has a history. Back to 2011, when authorities disregarded the first of many Facebook violations, a pattern emerged. The social media company was accused of granting external app designers’ access to its users’ personal information without the user’s knowledge or consent. As such, complaints were filed, with regulators. However, the tech giant pushed back ultimately leading Irish regulators to issue Facebook an almost perfect score for its privacy measures. Consequently, the data collected lead to one of the biggest data breaches to date – 87 million user’s data sets were released to Cambridge Analytica and eventually to the 2016 Trump campaign. This may or may not have influenced the United States’ general elections. It is just interesting how inaction in one democracy could have assist in the attack on another. Thanks a lot Ireland.
More recently, Facebook took advantage of Ireland’s regulator position by reinstating its facial recognition software, which was previously banned in the EU. They pretty much recognized the freedom the company had within the country. Most data experts feared that pictures could be used to find and track individuals without the person’s permission. But once again, the social media giant prevailed with regulators and leeway was granted for Facebook to implement its strategies.
Facebook told regulators that it would not use the photo until explicit permission was granted by users. The actions of Facebook and other companies are clear violation of GDPR. However, various EU regulators agree that simply storing such data violates the provisions of the GDPR. According to the regulation, explicit consent is “required for processing sensitive personal data”. Though Irish authorities seem to agree, they have yet to launch a formal investigation. Classic.
Cause for Concern
Ireland’s inability to ensure data privacy protection is a serious cause for concern for millions of people around the world. As the primary regulator, Ireland is responsible for securing health information, financial records, email addresses, dates of birth, search histories, relationship statuses, and various other segments of personal information. All of which can be used to inflict harm upon others.
If Irish regulators continue down this crooked path that’s seemingly illuminated with economic gains, they will jeopardize the well-being of every human being on this planet. In some way, shape or form. We are all digitally connected, and Ireland has reminded us in a very real way.