An amendment is being considered in Ireland to classify certain information in GDPR complaints as confidential. That could mean that details of breaches by major technology companies may no longer be made public.
What does the Irish legislature want to achieve with this change?
The provision in question was added via a last-minute amendment to the “Courts and Civil Law (Miscellaneous Provisions) Bill 2022” by state Attorney General James Browne.
If approved, the provision would allow the privacy watchdog to prohibit, at its discretion, the publication of information related to the handling of complaints, investigations and inquiries that would be classified as confidential to protect the integrity of the investigation. The result would be that any communication, including through the media, on the matters in question would no longer be permitted
Implications for Europe
The civil rights organization ICCL has called on Irish politicians to oppose the relevant Techcrunch-amendment to vote. In theory, this adjustment would primarily affect Irish cases. However, it is important to note that the country also home to many U.S. technology companies, including Google, Microsoft, Meta, Apple and China’s TikTok. This means that European data protection complaints of these companies in Ireland be filed.
Bill threatens transparency and public debate around privacy issues, warns privacy activist Max Schrems
Max Schrems, well-known privacy activist , questions this bill
According to Schrems, big-tech companies such as Meta and Google have been trying for years to sweep GDPR lawsuits filed against them under the rug by labeling them confidential.
Schrems and his privacy organization NOYB have been in discussions with the Irish privacy regulator for years. For example, the Irish privacy regulator has already been dragged into court several times by Schrems to review privacy complaints submitted. The bill would make it very difficult to criticize big-tech companies and regulators, after all, you no longer know what goes on behind closed doors.
Labeling information as confidential prevents public debate and reporting and criminalizes legitimate criticism.
The law would allow the Irish privacy regulator to selectively share information when it wants to.
Conclusie
This last-minute proposal is an affront to the right to privacy, freedom of speech and access to information. This amendment will greatly and most importantly unnecessarily limit the ability to hold the Irish privacy regulator and Big Tech publicly accountable.
Instead of trying to protect Big Tech from public scrutiny, Ireland’s privacy regulator should enforce the GDPR and fulfill its obligation to hold Big Tech accountable.
To date, the surveillance-based business models of companies like Meta and Google fundamentally undermine the rights to privacy, freedom of speech and expression.
