Twitter policing role for Irish Data Commissioner won't lead to all-powerful office
Twitter's legal declaration of Irish law applying from now on doesn't mean a switch to an all-powerful Irish data protection office.
In fact, Twitter’s announcement that it is switching its legal data responsibilities to Ireland is unlikely to affect the activities of Irish Data Protection Commissioner much at all in the short term, according to a spokesman for the office.
The social media giant said that, from May 18, "Twitter International Company will be responsible for handling your account information under Irish privacy and data protection law". Twitter claims that this applies to all of its users outside the US.
And this move has sparked plenty of media speculation that Ireland will now be primarily responsible for regulating Twitter’s activities.
But legal experts and the Data Protection Commissioner here say that Twitter’s self-declared Irish provenance “won’t really change” the status quo. It won't change Twitter's legal responsibilities or who it answers to.
So the Irish Data Protection office won't suddenly have a mountain of new work.
“EU law in each country was always, and remains, applicable to EU users,” said a spokesman for the office of Helen Dixon, the Irish Data Protection Commissione
“If someone in Spain has a complaint about Twitter, it’s investigated there. There isn’t really any change as we are not the exclusive regulatory authority.”
This was echoed by the Data Protection Commissioner, Helen Dixon, in a recent interview with The Irish Independent.
“We’ve had a lot of media queries since Twitter made its announcement,” said Ms Dixon.
“In fact, under the 1995 directive, an organisation like Twitter that has hundreds of thousands of European users would always have been covered. Simply because users are signed up with something called ‘Twitter Inc’, didn’t mean that they weren’t covered under the protections of existing European law.
"And that’s a point that the Google Spain judgement underlined. It doesn’t matter whether a company like Twitter or Google says ‘but we’re a US data controller, not a European controller’.
"So even though Twitter users up to last week were signed up under ‘Twitter Inc’ we would always have seen ourselves as responsible.”
Irish data privacy expert Daragh O’Brien said that a future change in European law governing data transfers to the US -- known as ‘Safe Harbour’ rules -- may be the real motivation behind Twitter’s decision to namecheck Ireland as its new global base for data protection law.
“It’s possible that Twitter may be anticipating a change in Safe Harbour because of recent developments and the direction European authorities are taking,” said Mr O’Brien. “If so, it would help them to have a single defined office.”
But he said that a recent European Court Of Justice decision outlining a ‘right to be forgotten’ and involving Google highlighted that EU citizens can take action in any European country against a service that is commercially active there.