If Ireland leads the way to the future of privacy

Ireland wants to gag those who raise privacy cases before its own national regulator, the DPC (Data Protection Commission). It might seem like a local judicial dispute, but instead it is news of European importance, also relevant for Italy. But why? The fact is that the major privacy procedures concerning Big Tech (Google, Meta, Tik Tok, etc.) arising in Italy or anywhere in the EU are normally managed by the Dublin regulator, because this is what the GDPR prescribes, the legislation European Union on personal data. Even if the infringement is committed in any country of the Union, for reasons of the system, the authority of the country where the accused Big Tech has placed its European headquarters must deal with it. And this country is normally Ireland, traditionally chosen as the seat of the large Internet multinationals for reasons of fiscal convenience and which has consequently also become the main forum for major disputes regarding personal data. All the major proceedings relating to the European GDPR regulation against Google and Meta have in fact been handled by the Irish DPC authority.

What is happening now in the Dublin Parliament? A surprise amendment introduced by the Minister of Justice would aim to make records and information of the trial before the DPC highly confidential, making those who allowed their disclosure liable to criminal penalties. The fact is that the news would also apply to the participants in the process, including the appellants, i.e. those who brought the Big Tech on duty before the regulator. It follows that a person whose data has been violated by Google, Meta or Tik Tok could not speak publicly about his case, under penalty of being indicted before the Irish courts. In most cases such a person would not be in Ireland but would instead be a German, Italian, French etc national, but who for procedural reasons was obliged to take the case to Ireland. The incredible Irish legislative proposal seems aimed at neutralizing Max Schrems, the Austrian activist who has built a career by initiating a barrage of proceedings based on the GDPR against Big Techs and from which substantial fines have resulted (most recently those against Meta on the profiling of users and on the transfer of European data to the United States). Schrems has not only tacked cases judicially, but has also created a media organization that campaigns on ongoing proceedings, bringing to public attention the fact that the DPC itself is not as fast and efficient as we are. would expect in pursuing Big Tech.

It is in fact known that all the decisions of the DPC on Big Tech are normally stigmatized by the European Board for data protection, which often reforms them in a more severe sense. The Irish government would now like to ease this media pressure by preventing Schrems and any other plaintiffs from speaking publicly about the cases brought before the DPC. A regrettable initiative which, as mentioned, could have deleterious effects on any European citizen, even Italian, who wanted to complain about how their data is processed by Google, Meta or Tik Tok.

However, the legitimacy of the new Irish law is questionable. The GDPR allows for confidentiality obligations for regulators’ employees, but leaves others free to speak, especially litigants, as is the case in all other EU member states. Any restrictions on the parties’ freedom of expression should be minimal and proportionate. Furthermore, the DPC itself regularly exchanges procedural documents with the other EU authorities, which must be able to use them also with third parties, and in fact the issue of confidentiality has sometimes been invoked by the Irish to weaken this cooperation. In short, there is something rotten in Dublin and the problem will soon arrive in Brussels as well as in other European capitals, increasingly impatient with how Ireland interprets its role as European hub of the GDPR.