An 11th hour amendment to the Government of Ireland’s Courts and Civil Law (Miscellaneous Provisions) Bill 2022 will serve to “muzzle” people looking to speak out about how Big Tech and public bodies are misusing their data.
That’s according to civil liberties and human rights non-profit the Irish Council for Civil Liberties (ICCL), which is calling on politicians to veto the amendments when they’re presented for debate in Parliament on Wednesday this week.
Since the introduction of GDPR back in 2018, Ireland has emerged as a primary enforcer of Europe’s data privacy regulations, due in large part to the fact that most of the major U.S. tech platforms have their European subsidiaries on the Emerald Isle.
GDPR, in a nutshell, is designed to give citizens control of their data and the ability to hold companies to account through greater transparency and appropriate legal remedies should they mistreat their users’ personal information. Prominent data privacy advocates and activists have used GDPR to do just that, including the ICCL and Austrian lawyer Max Schrems, who has filed numerous complaints against the likes of Amazon, Apple, Netflix, and Facebook’s parent Meta over their handling and transferring of user data.
But with the proposed amendment quietly by Ireland’s Government, this could silence any meaningful critique both of billion-dollar companies and the Irish Data Protection Commission (DPC) itself.
“Ireland’s enforcement of the GDPR against Big Tech, and how it upholds the data rights of everyone in Europe, should not be the subject of eleventh-hour amendments inserted during the end-of-term legislative rush,” ICCL senior fellow Dr. Johnny Ryan said in a statement.
The amendment proposes a new section 26A for the Data Protection Act 2018, which would “prohibit the disclosure of confidential information” revealed at any point during a complainant’s interaction with the DPC. So for example, an activist or advocate or citizen filing a complaint would not be able to reveal key details of the complaint to the general public (e.g. to the media) if that information has been deemed “confidential” by the DPC itself. It’s not entirely clear what kind of information could be classed as “confidential,” but it seems fairly broad, encompassing “commercially sensitive” information, any information that has been “given in confidence,” or information that would “reasonably expected to prejudice the effectiveness and performance of a relevant function.”
According to the ICCL, if this amendment is greenlighted, it would “make it impossible for journalists to properly report on Ireland’s GDPR supervision of Big Tech firms,” or any organization, that counts Ireland as their European base — this includes Meta, Apple, Microsoft, Google, and TikTok.
“Justice should be done in public,” Ryan said. “The DPC should be holding public GDPR hearings. Instead, the Government is attempting to make DPC decision making even more opaque.”
None of Your Business (NOYB), an Austria-based nonprofit co-founded by Max Schrems in 2017, also commented on the proposed amendments, saying that Big Tech and the DPC “want privacy for themselves” by preventing people from simply talking about the specifics of a complaint.
“You cannot criticize an authority or big tech companies if you are not allowed to say what’s going on in a procedure,” Schrems said. “By declaring every tiny information ‘confidential’ they try to hinder public discourse and reporting. Instead of reacting to legitimate criticism, they now try to criminalize it. The proposed law in Ireland makes it criminal to share any information on a procedure. This shows that they fear the public and reporters more than anything.The law would however allow the DPC to selectively share information when it sees fit. It is mind blowing that this would happen in a European country.”
TechCrunch has reached out to the DPC for comment, and will update here when we hear back.