Ireland sheds the ‘soft touch’ label with nearly €1bn in fines for Mark Zuckerberg’s under-fire meta

In the short term it does.

Even the regulator’s harshest critics have hailed the recent DPC fine of €265 million against Meta as a positive move.

Max Schrems, the Austrian data protection activist and Irish DPC’s Bete Noir, called it “a good start”. That’s the first half-kind thing he’s had to say about Ms. Dixon’s office in five years.

And it’s the same everywhere among those who accuse Ireland of making it too easy for big tech.

Quite simply, the fines are now making themselves felt. In the last 18 months, Meta alone has been fined €912 million by the Irish regulator; Instagram was fined €405 million in September for failing to protect children’s data, while WhatsApp was fined €205 million last year.

While that only adds up to about a month’s profit for Meta, it comes at a time when Mark Zuckerberg’s company is in trouble. At a time when thousands of jobs around the world are being cut to save money, €900 million isn’t the petty cash it once could have been.

It’s also a big step up from the mere €450,000 fine it was slapped on Twitter two years ago, which sparked an outcry over its diminutive size. (In the DPC’s defense, this was a far lesser infraction than some of the much heavier fines currently being imposed.)

Overall, Ms Dixon’s office has now imposed two of the three largest fines under Europe’s GDPR since the Data Protection Act came into force. Only Luxembourg’s 746 million euro fine for Amazon is comparable. Even so, the Irish office still has work to do to catch up with the $5 billion fine that US regulators have slapped on Meta.

And data protection penalties are still a fraction of other regulatory sanctions within the European judicial, administrative and political system. Google, for example, has been fined a total of €8 billion by the European Commission for competition-related violations in recent years.

But if Ms. Dixon were to pick a totem break to hang her latest meta fine, this isn’t a bad one.

The fine was imposed because between 2018 and 2019, Facebook failed to prevent millions of its users’ phone numbers, emails and other personally identifiable information from being “scraped” and published on the internet.

If the Irish Independent reporting at the time, we were able to obtain the personal phone numbers of gardaí, acting judges, prison officials, social workers, journalists and others.

Around 1.3 million Irish Facebook accounts were affected, and hundreds of millions worldwide were also affected. Soon after, Ireland and Europe were hit by a rise in fraudulent calls and text messages, which has only started to decline in the last year. People were angry. But Facebook shrugged, blaming the problem on “evil actors” who “scraped” the Facebook website for personal information.

In its decision this week, Ireland’s DPC disagreed. It said it was Facebook that didn’t design its systems well enough to prevent such scraping.

So where does Ireland now stand in its reputation for regulating big tech?

Further tests will be carried out in the coming months.

The DPC still has around 20 pending investigations and probes into big tech companies, from TikTok to Google to Meta (which remains the most-investigated company). It’s possible that the fines will soon be in the billions, rather than the hundreds of millions.

The world can also expect Ms Dixon’s office to become embroiled in Elon Musk’s messy, brutal takeover of Twitter. Since this company is currently cutting corners, there may be real risks not only to civil discourse, but also to user privacy.

However, it seems that the institutional wheels of the DPC are turning.

Those close to Ms Dixon’s office say it has always been the case. Officials there have argued for some time that criticism of the agency failed to appreciate the sometimes annoyingly long time administrative regulatory processes can take if they are to weather challenges posed by the tech giants’ unmatched legal resources.

Look what happens in countries like the UK, they point out, when decisions are successfully challenged or fines are reduced to a fraction of their original size because the regulator acted too quickly.

But it’s also possible that pressure from such relentless criticism – including from European Commission officials – may have played a small part in the Bureau’s progress. The Irish government’s move to increase the number of commissioners from one to three was an admission that there was a trust issue. perception matters. money speaks

Whatever the reason or the contributing factors, it can reasonably be argued that the DPC is less likely here to face as intense, harsh criticism from abroad as it has endured.