It’s not a gay bar in Dublin, the Irish Backdoor, sorry if that’s why you clicked on this blog. It’s how non-EU companies, like tech companies from the US and China, use the “one stop shop” mechanism to evade the privacy regulations of 26 countries to be regulated instead by the Irish regulator, the gentle golden retriever of privacy enforcement.
I am expanding on my blogpost below. But now I’m revealing something new. How most of the non-EU companies, like tech companies from the US and China, have no legal right to assert a claim to be regulated by the one stop shop. Fiction or fraud? Let me explain.
Legally, a non-EU company can only claim the benefits of the one stop shop if the decisions regarding data processing in Europe are made there.
Let me suggest a reality test. Most companies from outside the EU claim to benefit from the one stop shop in Ireland if they do the following: 1) create a corporate entity in Ireland, 2) write a privacy policy (or ask ChatGPT to write one) that tells users that the Irish corporate entity is the “controller” of their data in Europe, and 3) has some minimal presence in Ireland, like appointing some employee as a “data protection officer” for the entity. All this can be done in a day, and with a tiny local Irish staff. But…does this meet the legal test?… that the data processing operations in Europe are being decided by this Irish entity?
Most tech companies build products in their homes, Silicon Valley, China, etc. They then roll out these products globally. Usually these products are identical worldwide, except for language interface translations. In those cases, does anyone really believe that their Irish subsidiaries are really the decision-makers for how the data will be processed for their services for their (millions) of European users? Perhaps that is the case for a few large non-EU companies with large operations in Ireland. For all the others, it’s hard to believe.
Maybe it’s an innocent fiction for a company from China or the US to claim it is “established” in Ireland to evade the privacy laws of 26 EU countries with millions of users. Or maybe it’s a fraud…?
(Final note, as a former employee of Google, I must point out that nothing in this blogpost is meant to suggest anything regarding that particular company. Google has a huge workforce in Ireland).
Meanwhile, non-EU companies are getting an easy ride in Europe, while their EU company competitors aren’t. I just don’t think that’s fair to EU companies or to EU users.
No comments:
Post a Comment