Silicon Valley’s Top Privacy Cop Rejects Claims She’s Too Lax
EU Privacy Enforcement Not Good Enough, Top Official Warns
(Bloomberg) -- Silicon Valley’s top privacy watchdog in Europe rejected claims she is too lax on tech giants amid comments from one of the architects of the region’s landmark data-protection law bemoaning failures to enforce the rules.
“People who say it’s all very simple, I don’t think that’s true, unfortunately,” Helen Dixon, Ireland’s data protection commissioner, said in an interview with Bloomberg. Dixon, who oversees the swathes of U.S. firms with European Union bases in Ireland, said no one “knows a perfect solution” to regulation, “particularly as concerns the big platforms.”
The bloc’s General Data Protection Regulation, which took effect in 2018, empowers EU data regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. But tensions have been building among data watchdogs over the amount of time Ireland’s authority is taking to complete probes of the likes of Meta Platforms Inc.’s Facebook and Apple Inc.
Dixon was speaking ahead of a warning from European Commission Vice President Vera Jourova, who said on Thursday she is “not satisfied” with the extent the bloc’s powerful rules are being put to the test by national authorities. Jourova -- who helped draw up the GDPR -- said that if the system for decentralized enforcement of law “does not work, then we will have to propose changes.”
Dixon said that her agency has to work with “the legal framework that’s there and try everything we can under it to deliver results.” She said it “will learn from what works, from what doesn’t work, what fails in the courts, what succeeds.”
Despite the criticism, the Irish watchdog has fined Twitter 450,000 euros ($510,000) in one investigation and in September ordered Facebook Inc.’s WhatsApp to pay 225 million euros for failing to be transparent about how it handled personal information.
More is in the pipeline. A draft decision in a probe into Instagram and children’s data processing could be ready soon to be sent to the other 26 EU data watchdogs for their approval, Dixon said. GDPR obliges her office in probes with EU-wide effects to seek their approval, which can drag out the process.
Draft decisions are already being considered by colleagues in two more probes concerning Facebook, one looking into several data breaches, the other stemming from a complaint by privacy activist group Noyb, which published the confidential draft decision with a fine of as much as 36 million euros.
©2021 Bloomberg L.P.