Ireland: Former meta-lobbyist becomes data protection officer

Can a former lobbyist for the Meta Group, of all people, rein in the tech industry and organize effective oversight? From mid-October, we will find out exactly that: the Irish cabinet has approved the appointment of former lobbyist Niamh Sweeney as one of three heads of the Irish Data Protection Commission, according to Justice Minister Jim O'Callaghan. Sweeney was previously chief lobbyist for Facebook in Ireland, later responsible for WhatsApp in Europe, and also worked for the payment processor Stripe.

Irish oversight relevant for all of Europe

The appointment of the former television journalist, lobbyist, and consultant has significance beyond the island's borders: hardly any other EU member state plays as important a role in enforcing European data protection law as Ireland. Because the EU headquarters of international corporations such as Meta, Microsoft, Google, and TikTok are located there – primarily for tax reasons – the Irish Data Protection Authority is primarily responsible for supervising these companies. And in the past, it has had a reputation for not always living up to this responsibility – and in some cases, imposing heavy fines.

Unlike in Germany, where the federal and state data protection commissioners are elected by the parliaments, the DPC's management is appointed by the government for five years at a time and is then supposed to act independently. From 2026, the authority in Ireland will also play a role in enforcing parts of the European AI Regulation. The Department of Justice in Dublin cites Sweeney's appointment in connection with these other tasks.

"Kissing the ass of big tech"

For European data protection activist Max Schrems, who has been at loggerheads with the DPC for years and has already sued the supervisory authority, the appointment is an absurdity. Sweeney had lobbied for Meta during the Cambridge Analytica scandal, among other things. After 15 years of Ireland still appearing to enforce European law, this step is now the "kiss on the backside of the US big tech companies", Schrems mocks.

While the appointment is causing massive irritation, especially internationally, one of the loudest DPC critics in Ireland is keeping a low profile. "We have high expectations of you," says Johnny Ryan from the Irish Council for Civil Liberties (ICCL) diplomatically on LinkedIn.

Even beyond the criticism of Sweeney's appointment, one aspect in particular will play a role in the future: How the European data protection supervisory authorities will behave towards the submissions from Dublin in their joint decisions. In some member states, data protection officers with a strong business orientation have recently been appointed. However, following a change at the top and the appointment of two new heads, the Irish Data Protection Authority recently concluded several notable proceedings after many years, which is also reflected in the binding decisions of the European Data Protection Board, which can override the decisions of individual supervisory authorities. In the past, this mainly affected Ireland –, where DPC decisions were significantly tightened on various occasions.

(vbr)