Read on Twitter
When the #EU passed its landmark #GeneralDataProtectionRegulation (#GDPR), it seemed like a #privacy miracle. Despite the most aggressive lobbying Europe had ever seen, 500 million Europeans were now guaranteed a digital private life. Could this really be?
1/
1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/05/15/fin…
2/
pluralistic.net/2023/05/15/fin…
2/
Well, yes...and no. Despite flaws (#RightToBeForgotten), the GDPR has strong, well-crafted, badly needed privacy protections. But to get those protections, Europeans need their privacy regulators to enforce the rules.
3/
3/
That's where the GDPR miracle founders. Europe includes several tax-havens - Malta, Cyprus, the Netherlands, Luxembourg, Ireland - that compete to offer the most favorable terms to international corporations and other criminals.
4/
4/
For these havens, paying little to no tax is just table-stakes. As these countries vie to sell themselves out to giant companies, they compete to offer a favorable regulatory environment, insulating companies from lawsuits over corruption, labor abuses and other crimes.
5/
5/
All of this is made possible - and even encouraged - by the design of European federalism, which lets companies easily shift which flag of convenience they fly. Once a company re-homes in a country, it can force all Europeans to seek justice in that country's courts.
6/
6/
Those hearings take place under the looming threat that the company will up sticks for another haven if the law doesn't bend over backwards to protect corporate citizens from the grievances of flesh-and-blood humans.
7/
7/
Big Tech's most aggressive privacy invaders have long flown Irish flags. Ireland is "headquarters" to Google, Meta, Tinder, Apple, Airbnb, Yahoo and many other tech companies.
8/
8/
In exchange for locating a handful of jobs to Ireland, these companies are allowed to maintain the pretense that their global earnings are afloat in the Irish Sea, in a state of perfect, untaxable grace.
9/
9/
That cozy relationship meant that the US tech giants were well-situated to sabotage Ireland's privacy regulator, who would be the first port of call for Europeans whose privacy had been violated by American firms.
10/
10/
For many years, it's been obvious that the Irish @DPCIreland was a sleeping watchdog, with infinite tolerance for the companies that pretend to make Ireland their homes. *87%* of Irish data protection claims involve just eight giant US companies (that pretend to be Irish).
11/
11/
But among for hardened GDPR warriors, real extent of the DPC's uselessness is genuinely shocking. A new report from @ICCLtweet reveals the DPC doesn't merely tolerate privacy crimes, they're gamekeepers turned poachers, collaborators in privacy abuse:
iccl.ie/wp-content/upl…
12/
iccl.ie/wp-content/upl…
12/
The report's headline figure really tells the story: the @EU_EDPB - which oversees Ireland's DPC - overturns the Irish regulator's judgments *75% of the time*.
13/
13/
It's actually worse than it appears: that figure only includes appeals of the DPC's enforcement actions, where the DPC bestirred itself to put on trousers and show up for work to investigate a privacy claim, only to find that the corporation was utterly blameless.
14/
14/
But the DPC almost never takes enforcement actions. Instead, they remains in their PJs, watching cartoons and eating cereal, offering an "amicable resolution" (a settlement) to the accused. 83% of the cases brought before the DPC are settled with an "amicable resolution."
15/
15/
Corporations can bargain for multiple, consecutive amicable resolutions, allowing them to repeatedly break the law and treat the fines - which they negotiate themselves - as part of the price of doing business.
16/
16/
This is illegal. European law demands that cases that involve repeat offenders, or that are likely to affect many people, *must* be fully investigated.
17/
17/
Ireland's government has stonewalled on calls for an independent review of the DPC. The DPC continues to abet lawlessness, allowing corporations to use privacy invasive techniques for surveillance, discrimination and manipulation.
18/
18/
In 2022, the DPC concluded 64% of its cases with mere reprimands - not even a slap on the wrist.
19/
19/
Meanwhile, the DPC trails the EU in issuing "compliance orders" - which directly regulate the conduct of privacy-invading companies - only issuing *49* such orders in the past 4.5 years. The DPC has only issues *28* of the GDPR's "one-stop-shop" fines.
20/
20/
The EU has 26 other national privacy regulators, but under GDPR, they aren't allowed to act until the DPC delivers a draft decision. The DPC is lavishly funded, with a budget in the EU top five, but all that money gets pissed up against a wall, with inaction ruling the day.
21/
21/
Despite the collusion between the tech giants and the Irish state, time is running out for America's surveillance-crazed tech monopolists. The GDPR *does* allow Europeans to challenge the DPR's do-nothing rulings in European court, after a long, meandering process.
22/
22/
That process is finally bearing fruit: in 2021, @johnnyryan and the Irish Council for Civil Liberties brought a case in Germany against the #AdTech lobby group #IAB:
pluralistic.net/2021/06/16/ins…
23/
pluralistic.net/2021/06/16/ins…
23/
And the activist @maxschrems and the group @NOYBeu brought a case against Google in Austria:
pluralistic.net/2020/05/15/out…
24/
pluralistic.net/2020/05/15/out…
24/
But Europeans should have to drag tech giants out of Ireland to get justice. It's long past time for the EU to force Ireland to clean up its act.
25/
25/
The @EU_Commission is set to publish a proposal on reforming Ireland's DPA, but more action is needed. In the report, the Irish Council For Civil Liberties calls on the European Commissioner for Justice, @dreynders, to treat this issue with the urgency that it warrants.
26/
26/
As the ICCL says, "the EU can not be a regulatory superpower unless it enforces its own laws."
27/
27/
Image:
Cryteria (modified)
commons.wikimedia.org/wiki/File:HAL9…
CC BY 3.0
creativecommons.org/licenses/by/3.…
eof/
Cryteria (modified)
commons.wikimedia.org/wiki/File:HAL9…
CC BY 3.0
creativecommons.org/licenses/by/3.…
eof/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
