The EU’s Digital Services Act (DSA) was recently announced amid much fanfare. Intended to regulate online content, the DSA has been presented as a victory for privacy and data protection rights. But take a closer look, and the DSA is actually a slap on the wrist for Ireland, writes Johnny Ryan, Senior Fellow, Irish Council for Civil Liberties (ICCL).
The European Commission has effectively removed regulation away from Ireland and to Brussels because of our inability or unwillingness to regulate Big Tech. This will cost us investment and jobs as we have missed the opportunity to be the centre of global tech regulation.
Because of failings by Ireland’s Data Protection Commission (DPC) to tackle many big problems that should have been fixed under the existing General Data Protection Regulation (GDPR), which the EU introduced in 2016, and applied in 2018, these problems persist today.
The DPC should has already resolved the issue of micro-targeted ads based on Cambridge Analytica-style intimate profiles. Misleading consent requests are also already unlawful. Yet, European legislators felt the need to outlaw these things again. On the positive side, the DSA has some useful provisions. Now, watchdog organisations will gain access to Big Tech’s opaque and harmful algorithms. Tech firms will also have to take more care about the safety of products sold on their marketplaces. And image-based sexual abuse will be more robustly policed.
But in the midst of this, Ireland has badly failed in its duty to enforce the GDPR on Big Tech firms and protect the rights of millions of Europeans.
Failure to act
In 2021, the Oireachtas Justice Committee recommended that the Government launch an independent review of how to strengthen and reform the Data Protection Commission – a measure that the European Commission endorsed. It also recommended the appointment of two additional data protection commissioners.
Unfortunately, while the Government is still talking about taking action, damage to Ireland has mounted, and continues to mount.
Ireland’s own goal
Ireland could have and should have been the key global location for digital regulation, and in turn the digital economy. This would have created and sustained work for many people, unfortunately it has now missed that opportunity. At the Irish Council for Civil Liberties, we have long been warning that the failure to uphold the rights of 448 million Europeans creates strategic economic and reputational risks for Ireland.
Lawmakers in Europe initially contemplated a mechanism like that in the GDPR that would give Ireland enforcement powers across the EU for all online content. This is a vast digital market and would have added to Ireland’s pre-eminence as a location for business in the European Union. Ireland would have been the super enforcer for all online content issues across the EU, solidifying Dublin’s place as the capital of Europe’s digital market.
But this plan was abandoned. Instead, the European Commission has stepped in and will exclusively supervise Big Tech firms under the DSA. This represents an embarrassing side-lining of our domestic Data Protection Commissioner and a not-so-subtle slap on the wrist for the Government by our European partners.
While Ireland remains the lead GDPR enforcer for Big Tech, this is a lost opportunity. The EU clearly regards Ireland as having failed in its role as the primary regulator under GDPR. Promoting Dublin as a global technology hub is a cornerstone of Irish industrial strategy. This should seriously worry the Irish Government and the Irish exchequer.
The DSA may be a sign of things to come. The European Parliament has just signalled it wants to regulate the forthcoming Artificial Intelligence Act directly from Brussels, too. Unless Ireland shows it is serious about enforcing EU digital law, it has little hope of becoming a key digital centre not only for online content, but for artificial intelligence also.