A former lobbyist for Meta has been appointed as a commissioner of the Data Protection Commission, the primary regulator for big tech firms in the European Union. Niamh Sweeney, who previously worked at Meta for six years, will now help lead one of the EU’s largest data protection authorities. Sweeney held significant policy roles during her tenure at the tech giant, serving as the director of European public policy at WhatsApp and the head of Irish public policy at Facebook. Her appointment makes her the third active commissioner at the DPC, joining Des Hogan and Dale Sutherland. Ireland’s Minister for Justice, Jim O’Callaghan, commented on the expansion, stating that with the growing responsibilities of the DPC, he is pleased that three commissioners will now lead this key regulatory body. The DPC itself has publicly welcomed Sweeney, expressing that it looks forward to working with her as the organization continues its mission to uphold the EU’s fundamental right to data protection. However, the appointment has drawn sharp criticism from privacy advocacy groups. The European non-profit noyb, which is known for filing GDPR complaints, issued a strong statement on social media, suggesting the Irish government is no longer even pretending to care about enforcing EU law by appointing a former tech lobbyist to a top regulatory role. This move reinforces a long-standing perception that both the Irish data regulator and the country itself are particularly friendly to large technology companies. Ireland offers a low corporate tax rate and has developed a reputation for a lenient approach to regulation enforcement. The DPC’s track record has been a significant point of contention. The regulator has gained notoriety for its perceived reluctance to aggressively pursue big tech firms for violations of laws like the General Data Protection Regulation. Reports indicate the DPC has managed to collect only a tiny fraction of the billions of dollars in fines it has levied against technology companies for data protection breaches. Some of the most substantial fines issued by the DPC have been against Meta itself. The company was fined nearly 300 million dollars following a major global data breach that impacted Facebook users. In a separate case, Meta was fined an additional 100 million dollars for the serious security failure of storing user passwords in unencrypted plain text, a clear violation of GDPR rules. The appointment of a former Meta executive to a senior role within the very body responsible for policing the company raises serious questions about regulatory capture and potential conflicts of interest. It remains to be seen whether the new commissioner will enforce the law stringently against her former employer or if the DPC’s industry-friendly stance will continue.
