The Irish general election surprised many by returning a majority first-preference vote for left of centre party Sinn Féin, whose ideology is based on democratic socialism and Irish republicanism.
Although difficult negotiations will take place in the coming weeks (and possibly months) over the formation of a government, we could likely see a number of impactful changes in Irish politics: Mary-Lou McDonald may well become Ireland’s first female Taoiseach; preliminary steps towards Irish re-unification may begin; and we may see, for the first time in over 100 years, a government that isn’t led by one (or both) of the major parties (Fine Fáil and Fine Gael).
But one potential impact hasn’t yet been talked about: how data protection is enforced in Ireland.
The Irish Data Protection Commissioner – a rock and a hard place
Helen Dixon, the Irish Data Protection Commissioner, has it tough. On the one hand she occupies the unenviable position of leading data protection supervision and enforcement in the country which nearly all the major data players call their European home. On the other, her supervisory authority is funded by the Department of Finance, which in 2019 took 20% of corporation tax revenues from the information and communication sector.
Some see this conflict as having been played out through denied requests by Helen Dixon for more funding (in the last budget the Data Protection Commission received only a quarter of the increase it was looking for). Inevitably, this has had a knock-on effect on the Data Protection Commission’s ability to manage a significantly increased workload, which in 2019 included 21 cross-border statutory inquiries and 457 cross-border complaints*. This increase has come in no small part from complaints made against the very businesses ultimately contributing the most to the Irish budget.
This has irked Europe, with Helen Dixon’s peers (unfairly in my view) openly criticising the Commission. Most recently, the German Data Protection Commissioner was quoted as saying:
“None of the cross-border cases under new data protection rules have been addressed…[the Irish Data Protection Commission] is insufficiently equipped for its task.”
With a centre-right led government looking unlikely to return to power, and a Sinn Féin led coalition a real possibility, will anything change?
The Sinn Féin manifesto – some interesting clues
Policy Platform
Whilst not directly addressing privacy or data protection, there are some interesting clues in the Sinn Féin manifesto as to what their positioning might be, starting with their policy platform:
“Successive governments have delivered … for big business, for vested interests and for golden circles. In Government, Sinn Féin will deliver for the people.”
Whilst the Sin Féin manifesto does not call out data companies, they clearly are “big business”. Equally, the GDPR is all about “the protection of natural persons”. So, there would at least seem a natural fit between the enforcement of the GDPR and Sinn Fein’s policy commitment.
Business, enterprise and innovation
However, in their commitments towards business a more conciliatory tune is played:
“Sinn Féin values foreign direct investment and is committed to retaining the 12.5% corporation tax rate that has been key in attracting many multinational corporations to locate in Ireland.”
Whilst the low corporation tax rate has indeed been fundamental to attracting foreign direct investment, it is by no means the only reason. Sinn Féin know this, so does this statement also suggest that nothing will change from a regulatory perspective for instance? I’m not so sure, given the policy platform Sinn Féin are standing on.
Justice and equality
This is borne out in their positioning on justice and equality, particularly as it relates to white collar crime:
“There is no single definition for white collar crime, and there is a confusing array of agencies responsible for the prevention, detection and investigation of this insidious crime. Sinn Féin in Government will demand probity and accountability from all who hold positions of power and responsibility. We will take on white collar crime and we will uphold the common good.”
Contraventions of data protection law are not (generally speaking) crimes. However, the strong inference is that Sinn Féin does intend to hold business to account for breaches of the law. The Sinn Féin priorities in this area support this:
“…strengthen investigative, enforcement and prosecution powers and penalties contained within existing company, employment and public administration legislation; [and increase] the investigative and enforcement powers of the Competition and Consumer Protection Commission…”
All in all, the indicators suggest when it comes to data protection, Sinn Féin may be more aligned to a path of active enforcement than perhaps some might say of previous governments.
The Green Party – holding the keys to government
Sinn Féin won’t get into government all on its own. Whilst there are many permutations as to how the next government will be formed, the Green Party will almost certainly be a king maker. But this will come with conditions. The Green Party’s alliance with Fine Fáil led to their wipe out in 2011. This undoubtedly means that in any future coalition (whoever that may be with) the Green Party will hold firm to as many of its manifesto commitments as it can. One such commitment (hidden at page 25 of the Green Party manifesto), and of which there was no mention during the election campaign, is this:
“Increase the funding of the Data Protection Commission to allow greater enforcement of digital rights, and to ensure that Ireland delivers on its responsibilities under GDPR.”
So, under a left-led coalition, the chances are this commitment could well remain in place, aligning as it does with the sorts of commitments being made by Sinn Féin.
Unlocking the Irish Data Protection Commission
I’m not going to predict a left-led coalition government for Ireland. But I will predict if that comes about, it won’t be long before Helen Dixon lobbies the appointed Minister for a significantly increased budget. The chances are far greater she will succeed and she may even be encouraged to quickly address the sorts of concerns expressed by her colleagues elsewhere in Europe.
That’s important for privacy rights. Unleashing new and expanded resources on the growing lists of complaints and investigations to be dealt with by the Irish Data Protection Commission will really start to give the GDPR the impact it was intended to have, fulfilling the intent of the one-stop shop to simplify and enhance regulatory oversight over cross-border processing. Long sought rulings will start to really set the GDPR landscape, shape data companies’ future decisions, and bring about some of the changes the GDPR was intended to deliver.
So, whilst the Irish people may have voted on Irish issues, their voice may also have started the real transformation of data protection in Europe.
* The Data Protection Commissioner’s Annual Report for 2019 has just been published: https://www.dataprotection.ie/sites/default/files/uploads/2020-02/DPC%20Annual%20Report%202019.pdf
