Civil Servant Takes Over Ireland Privacy Post; Radical Changes in Data Protection Unlikely

By Ali Qassim

Sept. 11 —Helen Dixon, an Irish civil servant with previous experience working for a computer software company in Europe has been appointed Ireland's new Data Protection Commissioner (DPC), the government announced in a Sept. 10 statement.

Dixon, who for almost five years has held the post of registrar at the government's Companies Registration Office (CRO)—which describes its role as being “the central repository of public statutory information on Irish companies and business names”—succeeds Billy Hawkes, who earlier in September retired from the post he held since 2005.

Many large U.S. multinationals, including Internet and social media companies such as Facebook Inc., Google Inc. and LinkedIn Corp., have made Ireland their European headquarters, partly because of favorable tax laws, but also because Ireland's data protection regime under Hawkes was considered to be accessible and collaborative in pursuit of privacy protection.

For example, in January, Hawkes said that although he looked forward to enforcing the proposed European Union data protection regulation should it be enacted, he didn't believe excessive use of the large new fines that would be part of the regulation was an advisable means of achieving corporate compliance.

Attorneys contacted by Bloomberg BNA to comment on the Dixon appointment and how it might change how Ireland handles data protection compliance issues were unwilling to comment on the record. But it is unlikely that Dixon's appointment will radically alter the existing dynamic.

U.S.-EU Safe Harbor Issues

Hawkes took a largely hands-off position in regards to complaints about U.S. Internet surveillance activities. In July 2013, he rejected calls to investigate Facebook's or Apple Distribution International's role in allegedly transferring EU citizens' data to the U.S. National Security Agency because both companies were participants in the U.S.-EU Safe Harbor Program.

The U.S.-EU Safe Harbor Program allows over 3,000 U.S. companies to transfer to the U.S. the personal data of EU citizens, on the basis that the transfers are done in accordance with privacy principles similar to those contained in the Data Protection Directive (95/46/EC).

The decision not to investigate the complaints against Facebook and Apple ended up being challenged in the courts. In June, Ireland's High Court asked the European Court of Justice, the EU's top court, whether given the NSA's activities, the Safe HarboProgram should still be considered adequate to protect EU citizens' personal data.

Asked whether Dixon could review Hawkes's stance on the case, Kate Colleary, the head of the Intellectual Property and Data Protection Group at Eversheds LLP in Dublin, told Bloomberg BNA Sept. 11 that “it would be unusual for the new DPC to start undoing her predecessor's decisions.”

Although “her view on matters going forward may be different,” Colleary said she “wouldn't expect a radical change” as it would “be difficult to row back from the previous stance adopted from a political perspective.”

‘Interesting Appointment.'

“It's an interesting appointment in that the new DPC is someone with experience working in both the private and public sector,” Colleary said.

Prior to her time at the CRO, which is part of the Department of Jobs, Enterprise and Innovation (DJEI), Dixon worked in other duties at the DJEI for almost two and a half years.

From 2000 and 2004, Dixon managed technical support services across Europe, the Middle East and Africa for the U.S.-based computer software company Citrix Systems Inc.

Heading Privacy in ‘Digital Age.'

As head of the DPC, Dixon will be responsible for upholding the rights of individuals as set out in the 1988 Data Protection Act as well as the Data Protection Amendment Act 2003, which transposed the EU Data Protection Directive, the government statement said.

The role has a “critical importance” particularly as “we move at an increasingly faster pace into the digital age,” Minister for European Affairs and Data Protection Dara Murphy said in the statement.

The DPC didn't return Bloomberg BNA's telephone calls seeking comment on Dixon's appointment.

To contact the reporter on this story: Ali Qassim in London at correspondents@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com