VIDEO: Irish Privacy Chief on Outsize EU Oversight Role, Brexit

By Jimmy H. Koo

As the European headquarters for many multinational companies, Ireland has an “outsize role” in European Union privacy matters, Irish Data Protection Commissioner Helen Dixon told Bloomberg Law in a recent video interview.

Several technology giants, including Apple Inc., Microsoft Corp., Alphabet Inc.'s Google, and Facebook Inc., have their European headquarters in Ireland. The list may well grow as companies currently based in the U.K. may be looking for a new European base due to Brexit, Dixon said in the video interview.

Dixon said her office will have an even larger oversight and enforcement role once the new EU privacy regime, the General Data Protection Regulation (GDPR), takes effect May 25, 2018.

New EU Privacy Regime

The GDPR provides one EU-wide regulation to replace a more than 20-year-old directive that required each country to pass its own privacy laws. The GDPR will bring stricter standards for user consent to the use of their personal data, mandatory data breach notification, the right for individuals to request the deletion of certain personal data, and fines as high as 20 million euros ($23.5 million) or 4 percent of a company’s annual worldwide income.

After the GDPR goes into effect, many companies with bases in Ireland will seek to use the Irish Data Protection Commissioner’s office as a “one-stop-shop” to make sure they are complying with the new regulation, Dixon said. The office will take into account the views of the privacy regulators in other EU countries and keep them updated throughout the process, she said.

An “engaged approach” with data-rich companies has allowed the Irish privacy office to have “regulatory conversations” to ensure that companies are compliant with laws and regulations, Dixon said. Having direct conversations is a good way to “avoid the longer lifecycle of the litigation process,” she said.

The ability to issue significant fines under the GDPR is a great addition to her “toolkit,” Dixon said.

Brexit Impact

In addition to the changes that the GDPR will bring, Dixon said there “undoubtedly” will be impacts from the U.K.'s exit from the EU—dubbed Brexit.

Although the full extent of Brexit’s impact on Ireland isn’t clear, Dixon said the loss of U.K. counterparts as members of EU governmental privacy groups will “certainly” be a big loss.

Dixon said that many companies based in London are starting to relocate to Dublin before Brexit is completed, and this may lead to more regulatory activity.

Following Brexit, the U.K. must determine how to legally transfer personal data from the EU in a way that satisfies EU privacy protections. Establishing those new data transfer mechanisms is crucial for continuing digital trade, but it is unclear what kind of path the U.K. may take after Brexit, Dixon said.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
