An 11-hour amendment to the Irish Government’s Courts and Civil Law (Miscellaneous Provisions) Bill 2022 will serve to ‘gag’ people who want to speak out about how big tech and public bodies are misusing their data.
That’s according to a statement from the Irish Council for Civil Liberties (ICCL), a civil rights and human rights non-profit organisation, calling on politicians to veto the amendments when they come up for debate in Parliament on Wednesday.
Since the introduction of GDPR in 2018, Ireland has emerged as the main enforcer of European data protection rules, in large part due to the fact that most major US tech platforms have their European affiliates on the Emerald Isle.
In short, the GDPR aims to put citizens in control of their data and give them the power to hold companies accountable through more transparency and appropriate redress if they mishandle their users’ personal data. Prominent privacy advocates and activists have used the GDPR for precisely this purpose, including the ICCL and Austrian lawyer Max Schrems, who has filed numerous complaints against companies such as Amazon, Apple, Netflix and Facebook’s parent company Meta for their handling and transfers of user data.
However, with the Irish government tacitly proposing the proposed change, it could silence any serious criticism of both billion dollar companies and the Irish Data Protection Commission (DPC) itself.
“Ireland’s enforcement of the GDPR against big tech and the way it upholds the data rights of everyone in Europe should not be subject to last-minute changes brought in during the end-of-term legislative frenzy,” said ICCL Senior Fellow dr Johnny told Ryan in a statement.
The amendment proposes a new Section 26A for the Data Protection Act 2018 that would prohibit “the disclosure of confidential information” disclosed at any point during a complainant’s interaction with the DPC. For example, an activist, lawyer or citizen filing a complaint would not be able to disclose key details of the complaint to the public (e.g. the media) if that information has been classified as “confidential” by the DPC itself. It’s not entirely clear what type of information might be classified as “confidential”, but it appears to be quite broad and includes “commercially sensitive” information, any information that has been “disclosed in confidence” or information from which ” can reasonably be expected to be detrimental to the business.” Effectiveness and performance of a relevant function.”
According to the ICCL, if this change gets the green light it would “make it impossible for journalists to properly report on Ireland’s GDPR oversight of big tech companies” or any organization that sees Ireland as their European base – that includes Meta, Apple, Microsoft, Google and Tiktok.
“Justice should be done publicly,” Ryan said. “The DPC should hold public hearings on the GDPR. Instead, the government is trying to make the DPC’s decision-making even more opaque.”
None of Your Business (NOYB), an Austria-based nonprofit co-founded by Max Schrems in 2017, also commented on the proposed changes, saying that Big Tech and the DPC “want privacy for themselves” by using the Preventing people from simply talking about the details of a complaint.
“You can’t criticize an authority or big tech company if you can’t say what’s going on in a process,” said Schrems. “By declaring every little piece of information ‘confidential’, they try to hamper public discourse and reporting. Instead of reacting to justified criticism, they now try to criminalize it. Proposed law in Ireland makes it a criminal offense to disclose information about a proceeding. This shows that they fear the public and reporters more than anything else. However, the law would allow the DPC to selectively share information when it sees fit. It is overwhelming that something like this would happen in a European country.”
TechCrunch has reached out to the DPC for comment and will update here as soon as we hear anything.