An 11th-hour amendment to the government of Ireland’s Courts and Civil Law (Miscellaneous Provisions) Bill 2022 will serve to “muzzle” people looking to speak out about how Big Tech and public bodies are misusing their data.
That’s according to civil liberties and human rights nonprofit the Irish Council for Civil Liberties (ICCL), which is calling on politicians to veto the amendments when they’re presented for debate in Parliament on Wednesday this week.
Since the introduction of GDPR back in 2018, Ireland has emerged as a primary enforcer of Europe’s data privacy regulations, due in large part to the fact that most of the major U.S. tech platforms have their European subsidiaries on the Emerald Isle.
GDPR, in a nutshell, is designed to give citizens control of their data and the ability to hold companies to account through greater transparency and appropriate legal remedies should they mistreat their users’ personal information. Prominent data privacy advocates and activists have used GDPR to do just that, including the ICCL and Austrian lawyer Max Schrems, who has filed numerous complaints against the likes of Amazon, Apple, Netflix and Facebook’s parent Meta over their handling and transferring of user data.
But with the proposed amendment by Ireland’s Government, this could silence any meaningful critique both of billion-dollar companies and the Irish Data Protection Commission (DPC) itself.
“Ireland’s enforcement of the GDPR against Big Tech, and how it upholds the data rights of everyone in Europe, should not be the subject of eleventh-hour amendments inserted during the end-of-term legislative rush,” ICCL senior fellow Dr. Johnny Ryan said in a statement.
‘Confidential information’
The amendment proposes a new section 26A for the Data Protection Act 2018, which would “prohibit the disclosure of confidential information” revealed at any point during a complainant’s interaction with the DPC. So for example, an activist or advocate or citizen who has filed a complaint with the DPC would not be able to reveal any findings or information garnered as a result of the complaint (for example to the media) if that information has been deemed “confidential” by the DPC itself*. It’s not entirely clear what kind of information that it could class as “confidential,” but it seems fairly broad, encompassing “commercially sensitive” information, any information that has been “given in confidence” or information that would “reasonably expected to prejudice the effectiveness and performance of a relevant function.”
According to the ICCL, if this amendment is greenlighted, it would “make it impossible for journalists to properly report on Ireland’s GDPR supervision of Big Tech firms,” or any organization, that counts Ireland as their European base — this includes Meta, Apple, Microsoft, Google and TikTok.
“Justice should be done in public,” Ryan said. “The DPC should be holding public GDPR hearings. Instead, the Government is attempting to make DPC decision making even more opaque.”
None of Your Business (NOYB), an Austria-based nonprofit co-founded by Max Schrems in 2017, also commented on the proposed amendments, saying that Big Tech and the DPC “want privacy for themselves” by preventing people from simply talking about the specifics of a complaint.
“You cannot criticize an authority or big tech companies if you are not allowed to say what’s going on in a procedure,” Schrems said. “By declaring every tiny information ‘confidential’ they try to hinder public discourse and reporting. Instead of reacting to legitimate criticism, they now try to criminalize it. The proposed law in Ireland makes it criminal to share any information on a procedure. This shows that they fear the public and reporters more than anything.The law would however allow the DPC to selectively share information when it sees fit. It is mind blowing that this would happen in a European country.”
TechCrunch has reached out to the DPC for comment, and will update here when we hear back.
*This article was updated to clarify that the proposed amendment would still enable a complainant to reveal details of the complaint itself and that a complaint had been made, it would just mean that they couldn’t divulge any details that emerged in the aftermath of the complaint.