Data regulation is driving Dublin and Brussels apart

We've all seen the European GDPR notices that publishers put on their pages and sites to warn how our data may be treated. For many around the world this is a peculiar intervention. The 2018 European law seems to have outgrown its EU footprint and has an effect on users everywhere. Within Europe it has spawned a whole industry of publishers advising on how to create GDPR compliance and alert users to their rights. It is also an example of overreach in the European legislation that is causing many more tensions within the EU's digital sphere than outside it. The particular issue of regulating social media entities by Europe is – frankly – an unformed battlefield. Lawyers are having a field day with the efforts of the Brussels-based European Commission to impose its fiat on social media operators. Many of these battles are being fought in Ireland, a country of five million people that is having an outsize impact on digital regulation. Brussels is not entirely comfortable with how the Irish are going about this but what is at stake may be just as important as anything Elon Musk is attempting at Twitter. GDPR – the General Data Protection Regulation – set the rules for how companies can engage in profitable data processing. Each state in the EU is obliged to enforce the bloc-wide laws. Dublin matters because it is the European headquarters of a series of Silicon Valley champions. These are cross-border and cross-trading bloc companies that obviously seek to preserve business models based on uniform concepts of user-data gathering and targeted advertising. Ireland's Data Protection Commission regularly doles out fines and advisories. It levied a €395 million ($429.6 million) penalty on Facebook Ireland at the start of the year. This business has annual revenue of more than €100 billion. The issue was that Facebook, Instagram and WhatsApp were relying on a broad interpretation of "I accept" consent to process data from a significant portion of the EU's 450 million people. As big as the fine was, the Irish were targeted by the European regulator for not taking a tough enough approach. A review of the Irish decision in Brussels set out the very different position that the EU would prefer. Seven decisions taken by the European Data Protection Board in its short life have basically signalled a desire to overturn the Irish approach. It has also resorted to orders to increase the penalties as a result. Silicon Valley companies are not exactly bystanders in this and the scale of lobbying around the issue is massive. For the moment though there is a clear battle line where the EU side wants to make simple declarations of GDPR contravention and probably impose maximalist fines or restrictions. There is a reason why this is not happening. The Irish hold the authority to regulate, even if ultimate responsibility for the outcome is shared with the cross-European body. For Ireland, the regulatory approach is grounded in a very different legal tradition. This means the starting point of the action must be generated by a compliant, evidence gathered and grounds established for launching proceedings. Within that process comes the organic opportunity for mitigation and for the Silicon Valley firms to layer-in responses that cumulatively change the approach of the regulator. It is also clear that the Irish regulator regards some of the European assertions as untested, with the head of the Data Protection Commission warning against rewriting the GDPR "as we would have liked to have seen it written". There are echoes of the UK's post-Brexit agonies with its European legacy in all of this, even if Ireland is a staunch and wholehearted member of the bloc. The UK Parliament is currently faced with legislation to remove more than 2,000, possibly as many as 4,000, retained EU laws in one swoop on December 31 this year. The bill to revoke certain retained EU law is supported by those who believe that European-style legislation operates against the grain of the British common-law tradition, which that Ireland shares. Experts warn that a series of safety measures will be scrapped without ready replacements that are in place and tested. However, the London government is going ahead, claiming that piecemeal replacement will clean up the overall legal framework. Ireland has form in these matters. The government rejected a €13-billion back-tax fine imposed on Apple when the EU issued a ruling in 2016. The sum has since remained in escrow and an EU court backed the Irish stance in 2020. The final appeal is expected to start sometime this year, with Dublin quite willing to see the windfall returned to Apple. For those who fear that Ireland is too friendly to the Silicon Valley giants there is a calculation that the state is shaping policy to keep its tech sector onside. At a time when Google, Microsoft and Meta are all announcing global staff cuts, Irish Prime Minister Leo Varadkar is able to say with some confidence that the sector in Ireland is deep enough to ensure laid-off employees can find new work. That shows the virtues of good regulation, which is not punitive but seeks to curb abuse and protect consumers, not make trophy punishment announcements an end in itself.