Privacy activist Max Schrems is deeply concerned about an Irish bill that would prohibit criticism of the Irish privacy regulator DPC and Big Tech. It involves a new section that the Irish government intends to add to privacy legislation. According to Schrems, it would turn most posts about DPC procedures or decisions into a criminal offense.
The privacy activist points out that the DPC and big tech companies such as Meta and Google have been trying for years to sweep under the rug GDPR procedures initiated against them by labeling them as confidential. The new bill prohibits the publication of confidential information and allows the DPC to label any information as confidential. Sharing such information could result in fines of thousands of euros.
Schrems and his privacy organization, noyb, have been at odds with the Irish privacy regulator for years. For example, noyb has taken the DPC to court multiple times to assess submitted privacy complaints. “You cannot criticize a regulator or big tech companies if you are not allowed to disclose what happens in a procedure. By declaring every bit of information ‘confidential,’ they are trying to hinder public debate and reporting,” states Schrems.
“Instead of responding to legitimate criticism, they are now trying to criminalize it. The bill in Ireland makes it a crime to share information about a procedure. This shows that they fear the public and journalists more than anything else. However, the law would allow the DPC to selectively share information whenever it wants. It is astonishing that this could happen in a European country,” the privacy activist continues.
Schrems notes that there has been no public debate about the planned addition to privacy law. “In recent years, the DPC and big tech have presented a very one-sided view of ongoing procedures. Noyb has often reported on the highly problematic behavior of the DPC and big tech. The law seems to be a way to criminalize our work. If others are no longer allowed to talk about them, only a ‘government truth’ remains. This is highly problematic in a democratic society.”
The DPC is often accused of favouring big tech companies, many of which have their European headquarters in Ireland. This is something the DPC has always denied. Fines imposed by the DPC for GDPR violations have repeatedly been deemed inadequate by European privacy regulators, leading them to force the DPC to come to a new penalty decision.”