Former Meta Lobbyist Appointed as Irish Data Protection Commissioner: Conflict of Interest Concerns
What Happened
In a controversial move, Niamh Sweeney, a former senior Meta lobbyist who spent over six years at the company, has been appointed as a commissioner at the Irish Data Protection Commission (DPC). Sweeney previously served as head of public policy for Facebook Ireland and director of public policy for WhatsApp Europe. Her appointment began in October.
The DPC serves as the EU's lead privacy regulator for most US Big Tech companies, including Meta, Google, and Microsoft, due to their European headquarters being located in Ireland.
Why It Matters
Privacy activists, including Max Schrems of noyb, have raised serious conflict of interest concerns. Sweeney defended Meta during major cases, including the Cambridge Analytica scandal and proceedings that resulted in €390 million and €1.2 billion fines—both currently under appeal between the DPC and Meta. Critics argue this appointment demonstrates Ireland's pro-business stance toward US tech giants and raises questions about regulatory capture.
The DPC has historically been criticized for ineffective GDPR enforcement against Big Tech. Despite issuing fines totaling billions of euros, it has collected only 0.6% of those penalties. The appointment of a former Meta lobbyist to oversee ongoing cases against her former employer undermines public trust in the data protection commissioner's impartiality.
What Organizations Should Do
While the DPC's enforcement record may be questioned, businesses should not relax their data protection efforts. Key compliance takeaways include:
- Review data processing activities to ensure compliance with GDPR requirements, including data subject rights and consent mechanisms.
- Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
- Maintain robust documentation of processing activities and lawful bases.
- Monitor regulatory developments as scrutiny may intensify across EU member states.
For organizations seeking to streamline GDPR compliance, platforms like AIGovHub offer data privacy compliance tools that help monitor obligations and manage regulatory changes across multiple jurisdictions.