Billy Hawkes is the man who safeguards the digital data of more than a billion social media users. . . from above a shop in Portarlington
Published 16/02/2014 | 02:30
From his office above a shop in Portarlington, Ireland's data protection watchdog Billy Hawkes looks after the privacy of hundreds of millions of social media users across the world.
Hawkes has his eye on such digital behemoths as Facebook, Twitter and Google. It is his job to ensure that information – everything from teenagers' selfies to lists of email addresses – is not used in inappropriate ways.
If spying agencies or police forces are snooping on us or other Europeans he has to check that the information is being passed on legally.
Yahoo! is just the latest household name to join his to-do list after it announced it was moving a huge chunk of its European operation to Ireland. Hawkes will carry out a privacy audit on the online firm as he does with other internet companies that are based here.
When the Data Protection Commissioner moved in above O'Hanlon's foodmarket on a roundabout in Portarlington in 2006, it was supposed to be a temporary arrangement.
It was all part of a grand Fianna Fáil plan of decentralisation, moving civil servants from Dublin to country towns. "We were going to be one of four state agencies that were to be housed in purpose-built offices across the road, but that never happened," he told Weekend Review "It was just us in the end. So, we stayed here."
The shop downstairs is a typical small country supermarket, serving lunchtime sandwiches, sausage rolls, tea and coffee. Most casual visitors are probably blissfully unaware that upstairs is Europe's most important privacy hub.
Billy Hawkes' contacts book reads like a Who's Who of Silicon Valley.
Across the road there is the Odlums flour mill, nearby an old empty building that looks semi-derelict, and if you amble for a couple of hundred yards down Station Road past the Railway Bar, you are out in open country in the rolling hills of Laois.
Executives from some of the leading corporations in the world may pitch up in the Harry Potterish Victorian train station in Portarlington to visit Hawkes and his team.
"A lot of the time we go to visit them or sometimes they come here," says the data watchdog. "It's very convenient for Dublin."
The unfashionable location of the Data Protection Commissioner and his 28 staff has naturally given rise to stories in international media with a slight Paddy-the-Irish flavour, but Hawkes politely brushes this aside.
"There has been negative presentation of the fact that we were based above a supermarket in a small town in Ireland, but when you think it through, we have a perfectly adequate, functional office.
"The fact that we are above a supermarket is beside the point. People use that against us, but most of our work is done remotely on computers, so it doesn't matter where we are. I see this as a decentralisation success story."
The data watchdog's job has changed dramatically since he took on the role almost a decade ago.
When he started, the job mainly involved ensuring that bodies such as state agencies, banks and utilities were using personal information correctly.
"When I was appointed to my job, Facebook barely existed, and there was no such thing as Twitter. I now have extra responsibility because so many internet companies base their European operations in Ireland.
"As a result, Irish data protection laws apply to all their users in Europe. In the case of Facebook and LinkedIn, it is the entire user base in the world outside North America."
Because he has such a powerful responsibility, Hawkes is now regarded as an important figure in tech circles. He's believed to have had at least one meeting with the Facebook founder Mark Zuckerberg.
When one considers that he has responsibility for safeguarding the data of 990 million users of Facebook outside the US that is hardly surprising. The social network changed the way photos of its European users are tagged after consultations with the Irish watchdog.
So, who can snoop on our email or gaze at other private internet information without our permission? According to Hawkes, most security agencies in most countries can gain access to our communications. In Ireland, that could be the gardai, the tax authorities, or the Army.
"More leeway has been given to security agencies internationally since the 9/11 attacks," he says. Sometimes the snoopers have to get court orders to gain access to private internet information, but not always.
In the middle of last year, Hawkes found himself at the centre of a media storm when the whistleblower Edward Snowden revealed how Apple and Facebook were passing on information about European users to the US authorities. The watchdog made a ruling that an agreement between the EU and US, known as Safe Harbour, allows for such data to be exchanged.
Judging by the number of complaints to his office, Irish people are not that concerned about internet privacy. The vast majority of reports of data breaches come from internet users abroad.
Billy Hawkes says internet firms now have a remarkable capacity for gathering information about individuals.
"They have an accurate idea of your interests based on what you search for, what you say in messages such as Gmail, and they can add all this information together.
"They can then target you with detailed ads, because the information they have is so fine. Irish people seem to be happy to go along with this and know the deal. So long as you consent to it, that is fine, but the companies cannot sell on your information."
Hawkes says employers can also check on the internet activities of their staff at work, but they have to have made it clear beforehand that it was part of company policy.
"You can't monitor all the phone calls of your staff, and it is now a challenge to work out what is personal and work-related, because employees use the same devices at work and at home."
While Hawkes spends much of his time checking on internet firms, he is also concerned about how Irish public bodies use information.
"We have concerns about the quality of data protection in parts of the public service. As citizens we have no choice but to give state agencies personal information about ourselves. It should be handled very carefully."
He has come across cases where social welfare data had been leaked to private investigators acting on behalf of insurance companies. His office has just completed a report on the gardai that will be published shortly. In it he is expected to express concern about improper use of the force's Pulse computer system.
With the number of internet firms growing all the time, the office above O'Hanlon's supermarket is getting busier with each passing year, and Hawkes has recently taken on more staff. "It's good for us," says a man behind the counter downstairs in the shop. "Having them there has been great for business."
* As the privacy watchdog, the Data Protection Commissioner covers users of internet companies based here, including 990 million Facebook users worldwide.
* He is also responsible for 175 million users of the business-based social media site LinkedIn outside the US.
* He will shortly carry out a privacy audit of Yahoo! which is moving its European data-processing facilities to Ireland.