What happened to those €4billion in Irish GDPR fines?

And what does it cost our regulators and courts?

What happened to those €4billion in Irish GDPR fines?

An aside: ICYMI, my piece on Ireland's digital policy priorities for its EU Presidency - that starts today - is in Tech Policy Press, here.

While dodging rain showers near the canal yesterday I bumped into RTE's Brian O'Donovan, who was setting up to record a piece-to-camera outside the Data Protection Commissioners' office. He had been in Ireland's (and by default, Europe's) GDPR enforcer's new offices, nestled between LinkedIn, Stripe and IBEC in the shiny new office development on Wilton Terrace, to cover the launch of their annual report. Two things from his reporting stood out to me (you can read / watch his report here).

AI is fuelling more GDPR complaints

Firstly, that the DPC had noticed a huge increase - 45% - in the number of complaints received last year, and they put at least some of this down to AI.

I got the sense they weren't exactly thrilled at having to deal with all of the hallucinated GDPR articles the chat bots were inventing. But when Brian asked them if the complaints being submitted were just slop, the Commission were confident that for the most part, they were not.

These were genuine complaints of real people who felt their rights had been violated.

So it seems like the chat bots are giving people the confidence to articulate their concerns, using language and structures that they feel will be respected or accepted by a regulator. One would imagine it is now also easier for complainants from other EU countries aggrieved by Irish registered Big Tech companies to submit complaints to the Irish Regulator.

The growth trajectory, the DPC says, seems to be continuing this year.

This gave me so much joy. Finally, a good use for the unearned confidence of an AI chatbot.

The role of our courts in EU enforcement

The second thing gave me considerably less joy. The DPC likes to point out that since 2018 it has issued over €4 billion in fines. I have often wondered where this money goes, and in theory it goes to the Irish exchequer.

But, the DPC admitted to Brian, "only around €20 million has been paid due to legal challenges being taken by the companies involved."

So all of those headlines that we see, like the one below, of historic €500m fines, only one half of one percent of these have been paid in the eight years of enforcement to date.

Headline from the DPC website on last year's TikTok fine. This is being appealed in court and not a penny has been paid.

It is well noted that Irish regulators are overloaded with Europe wide enforcement (Johnny Ryan has strong views on enforcement in the Guardian yesterday).

These legal challenges - which are expensive - don't just fall on the DPC. As I wrote earlier this year in Tech Policy Press, Coimisiún na Meán, just a few years old, was already facing 12 lawsuits from tech companies at the start of this year. In their first of operation they were already facing four legal challenges, which left them with a bill of €5.8million.

It hadn't really occurred to me until learning all of this just how much time and resources of our courts is being used dealing with Big Tech avoidance of EU regulatory compliance.

One can imagine it well dwarfs that €20million.

Have you considered supporting The Briefing?

Did you know it costs about €45/ month to sustain The Briefing using a privacy safe / N@zi free alternative to Substack? (I use Ghost, in case you are curious).

You can support these costs with a one off donation here or below.