The Irish have dismissed claims that their data protection regulator will be unable to cope with the new demands of the EU’s “one-stop-shop” approach, despite having a budget of only €4.7m (£3.4m) a year – equivalent to just 17% of the UK regulator’s spend – and being run out of a corner shop.
The “one-stop shop” approach in the General Data Protection Regulation (GDPR) means companies doing business in the European Union will only have to answer to the data protection authority in the country in which they are based, rather than all the watchdogs in separate states.
However, under a compromise agreed last week, consumers will also be able to complain to their domestic authority, who will then approach the lead regulator.
But with so many tech businesses setting up their Euro HQs in Ireland – including Apple, Amazon, Google, Facebook, eBay, PayPal, LinkedIn, Twitter, Salesforce.com, Intel and Oracle – to take advantage of tax breaks, the Irish Data Protection Commissioner’s workload will explode.
In the UK alone, the Information Commissioner’s Office has a budget of nearly £20m and estimates it is facing a £42.8m black hole in its finances.
Irish MEP Seán Kelly said Ireland is prepared for the changes, with a near doubling of the Data Protection Commissioner’s budget to €4.7m (£3.4m). It insists the regulator will open a bigger office in Dublin and have an increase in staff from 29 to 50. Until then it will continue to be run from a tiny office next to a corner shop in Portarlington, Ireland (pictured).
But while many business groups, including the CBI, the Industry Coalition for Data Protection (ICDP), the IAB, European Telecommunications Network Operators’ Association, Digital Europe and US lobby group Amcham have criticised the GDPR, most technology firms have been far less critical.
Given the fact that many US firms now house their HQs in Dublin, most will be thinking they have got off lightly. Facebook, for instance, issued cautious support for the regulation, suggesting it will clarify which data protection authorities have jurisdiction over a company.
“Having a single set of rules to protect Europeans’ personal data while creating opportunities for growth and innovation is important for people in Europe and the European economy,” a Facebook spokeswoman said.
One industry source said: “The likes of Facebook, Google, Apple and Twitter will be jumping for joy. How on earth can the Irish regulator cope with all those? It will only take one major investigation and the whole office will be tied up for months – if not years. A £3.4m budget is far too small to deal with these big tech firms. Most spend more on coffee machines, stationery and office furniture than that.”
EU reforms put £300bn digital market in jeopardy
EU data reforms: the top 5 issues for marketers
Industry cheer as EU opt-in data threat is lifted
EU data reforms already ‘out of date’
Firms left in lurch over EU reforms
Digital body rages over EU reforms
EU to thrash out data reforms at last
‘Gutted’ EU reforms bring DM cheer
New year cheer as EU laws stall again
EC digital and data chiefs get all-clear
Unknown Czech to seal industry fate
EU law ‘final nail in list broker coffin’
New EU chief slams data law critics
EU chiefs calm fears over opt-in