The Data Protection Commissioner has said she does not have enough resources to regulate multinational companies based in Ireland such as Facebook, Google, and Twitter having secured ‘significantly less’ Government funding than she had requested.
Helen Dixon made the remarks at the International Grand Committee on Disinformation and ‘Fake News’, held in Dublin today. Ms Dixon said her office had 27 staff when she took over the role of DPC at the end of 2014, which now stands at over 140 - but that the recent Budget granted her an allocation short of what she requested.
“I made a submission in terms of the resources I anticipated I would need in 2020 as part of that budgetary process and ultimately we secured significantly less than we had sought for 2020,” she said.
She said that her funding is not enough, and more resources will be needed to tackle the “extremely labour intensive” enforcement cases handled by her office.
“We see the scale of the challenge more clearly than anyone else can see it in terms of what we're facing,” she said. On the issue of disinformation and fake news, Ms Dixon said such matters “stretch well outside of the scope of the data protection legal framework”.
However she said it is possible an individual who finds themselves the subject of online content that contains false information may be able to exercise their data protection rights to have the offending material erased or rectified.
Ms Dixon said the micro-targeting of individuals with specific online content can amplify the harmful effects of disinformation, which is a concern given the rates of online users who consume their news exclusively via social media platforms.
“All of this may happen without the user being aware their own data is being deployed to reinforce that individual’s existing viewpoint rather than the individual being in a position to take an objectively informed stance based on an understanding of both sides of an issue.”
Ms Dixon said her office is looking at such behavioural advertising and whether all aspects of it are GDPR compliant - particularly in terms of lawfulness and transparency to users.