I’m Nick Vinocur, a tech reporter at POLITICO. My investigation found that the world’s chief enforcer of data privacy regulation has a history of catering to the companies it’s supposed to regulate – endangering the privacy of billions of people w...
Shortly after Europe imposed the General Data Protection Regulation, we decided to examine a pretty simple question: How is this going to work? And is it really going be a serious problem for big data-centric companies like Facebook?
It so happened that the responsibility fell largely to Ireland, a country of less than 5 million people whose economy is disproportionately reliant on foreign investment and where the tech industry makes up an estimated 10% of GDP. Not only was Ireland the lead enforcer of GDPR for the European operations of Facebook, Twitter, Microsoft and others, it also was in charge of investigating privacy problems on behalf of other EU countries via a newly established body called the European Data Protection Board.
This setup raised other questions: Was Ireland’s regulatory agency ready to take exacting measures against companies that form the bedrock of its economic livelihood? Was the regulator fully independent, empowered and acting in the interests of some 500 million European citizens?
The story goes into detail, but it basically lays out a pattern of accommodating corporate interests, avoiding disruptive enforcement action and prioritizing "engagement" — consulting — with companies whenever possible.
Ask me anything.
EDIT: Thanks for the questions, everyone. I'm signing off now but feel free to keep dropping questions below and I'll try to get to a few more tomorrow. – Nick