Ireland: Reporting about DPC procedures soon a crime!
Irish Parliament can stop last-minute "gag order" amendment.
In a surprising last-minute amendment to the otherwise innocuous "Courts and Civil Law (Miscellaneous Provisions) Bill 2022" from September 2022 the Irish Government added a provision that would allow the Irish DPC to declare almost all its procedures "confidential". Section 26A would make most reporting about procedures or decisions by the DPC a crime. Speaking about outlandish claims by "big tech" or unfair procedures that often concern millions of users would equally become a crime. Various civil rights groups have called to stop Section 26A. The Amendment has to be approved by the Irish Parliament on Wednesday at 8pm Irish Time.
- Link to the Amendment (new "Section 26A" in DPA 2018)
- Statements
- Statement by the Irish Council for Civil Liberties
- Call to stop the Section 26A by Amnesty International
- Open Letter by EDRi (representing 40+ EU digital rights organizations)
- Statement by BEUC (representing EU consumer rights organizations)
- noyb Letter to Members of the Irish Parliament
- Sophie in 't Veld (head of the liberals in the European Parliament)
- Irish Social Democrats calling to stop Section 26A
- Livestream on the Irish Parliament Website (starting at about 8pm / 9pm CET)
- Background on DPC's previous attempts to censor noyb
DPC and BigTech want 'privacy' - for themselves. For years the Irish DPC and Big Tech companies like Meta or Google try to sweep GDPR procedures against them under the rug. They don't just stamp even the most trivial submissions or arguments as "confidential" but also threaten regulators, claimants and NGOs when communicating their arguments to the public. The aim is to limit criticism and reporting about unlawful conduct, as this negatively influences stock prices and public perception. While this is widely rejected by regulators in most EU Member States, the Irish Data Protection Commissioner (DPC) has previously copied this approach and even removed noyb from procedures, when we did not comply with unlawful demands to delete content from our website.
Max Schrems: "You cannot criticize an authority or big tech companies if you are not allowed to say what's going on in a procedure. By declaring every tiny information 'confidential' they try to hinder public discourse and reporting."
Irish DPC and BigTech want to silence reporting. Section 26A would cover any "information" from and about a procedure. This would mean that parties to the procedure would not be allowed to speak about the steps or contents of cases, even when the DPC or big tech take extreme views or act unlawful. Big Tech companies like Google or Meta have previously insisted that all their submissions are "confidential", but did not have any legal basis for such claims. Section 26A would create such rules for the first time and cover any "person" (including citizens, non-profit organizations and journalists) and any "information". The DPC's image would benefit from a situation where the public is cut off from any information about procedures. Only the official narrative by the DPC would be available.
Max Schrems: "Instead of reacting to legitimate criticism, they now try to criminalize it.The proposed law in Ireland makes it criminal to share any information on a procedure. This shows that they fear the public and reporters more than anything.The law would however allow the DPC to selectively share information when it sees fit. It is mind blowing that this would happen in a European country."
Last form of accountability gone. The DPC is 'independent' from the government by law. Judicial action against the DPC usually costs upwards of € 100.000 in Ireland. This means that public accountability was often the only way to ensure that the DPC does its job. Section 26A now criminalizes this last form of accountability.
Max Schrems: "Public debate was the main form of accountability for the DPC. For the past years the DPC and big tech have provided very one-sided reports about pending procedures. noyb has often reported about highly problematic conduct by the DPC and big tech. This law seems to be a 'lex noyb' to make our work criminal. If others are now prohibited from talking about them, there will only be a 'government truth' left. This is extremely problematic in a democratic society."
Section 26A added in 'last minute' effort. At the final step of the legislative process, "Government Amendment No 9" suddenly adds a new Section 26A to the Irish Data Protection Act, allowing the Irish DPC to declare any information "confidential". The amendment was added by James Brown, Minister of State at the Department of Justice, without any prior public engagement. The bill now has to go back to the lower house of the Irish Parliament to get approved.
Max Schrems: "They added this provision last minute, to a law that is before the parliament since September last year. There was no proper public debate or consultation of people that will be affected by such 'gag orders'. The way that this 'gag order' law is passed is highly problematic too."
Violation of Irish and EU law & practice. It is unclear how Section 26A would be legal under Irish and EU law. The GDPR limits confidentialy duties to the employees of the regulators - others are free to speak. This is also the common practice in all other EU Member States. Any limitation of the freedom of speech on the parties would also have to be proportionate and limited to the minimum possible. In addition, the DPC has to regularly exchange documents with other authorities in the EU, that have to freely share them with the parties before them. The DPC has previously used alleged "confidentialty" to withhold documents from other EU colleagues, in violation of its EU law duties. It is to be expected that Section 26A will embolden the DPC when torpedoing cooperation.
Max Schrems: "While trade secrets are usually blackened, all other information is freely shared by other EU authorities. The European Data Protection Board even shares these documents under freedom of information laws. We are not aware of any EU data protection authority that would limit freedom of speech like the Irish law foresees. It is also unclear how the DPC can still cooperate with other authorities in the EU, if most documents become 'confidential'."
Civil society concerned. Since Section 26A was first reported on Monday by the Irish Times, many groups have voiced their concern. This includes Amnesty International, the Irish Council for Civil Liberties, EDRi (representing 40+ EU digital rights organizations), BEUC (representing EU consumer rights organizations) as well as the Irish Social Democrats or Sophie in 't Veld (head of the Liberals in the European Parliament).
Irish Parliament has last word. Given the last-minute amendment in the upper house of the Irish Parliament, the entire bill now has to go back to the lower house. As far as noyb is informed the final approval of the amendment is scheduled for Wednesday 28 June 2023 at about 8pm (21:00 CET) - only a week after the Amendment was first shared with the public. It will be up to the Members of the government majority to approve the amendment or not.
Max Schrems: "We call upon parliamentarians to stop this highly problematic last-minute amendment."