One of the world’s top data watchdogs has warned that it will have to cut back on planned spending after it received just a fraction of the funding it says it needs to hold companies like Facebook (FB) and Google (GOOG) to account.
Ireland’s Data Protection Commission said that it was “disappointed” that the Irish government allocated it less than a third of the extra funding it requested in this week’s national budget. Its budget will now only climb by 11%, to €16.9m (£15m), next year.
The country, home to the European headquarters of several social media giants, has become a nexus for data regulation in the European Union.
The commission has recently concluded investigations into Facebook, its WhatsApp and Instagram apps, and Twitter (TWTR).
While rulings are expected by the end of 2019, the commission warned a parliamentary committee as recently as last month that it was “significantly under-resourced.”
Privacy activists and regulators in other European countries have long criticised the watchdog, saying it lacks the apparatus necessary to rein in misconduct by big technology companies. The commission has yet to issue a major fine against any of them.
The low budget allocation comes even as it has been swamped with thousands of complaints since the EU’s aggressive GDPR regulation came into force in May 2018.
This “jeopardises the good functioning of the data protection system in Europe at a critical moment,” said Jim Killock, the director of Open Rights Group, a digital rights advocacy group based in London.
“The Irish data protection authority is responsible in practice for investigating and holding to account the privacy practices of the most powerful international internet companies,” Killock told Yahoo Finance UK, noting that the Irish economy benefitted “hugely” from the presence of the companies in the country.
“The Irish government needs to match that benefit with resources to police these companies,” he said.
In Tuesday’s budget, the Irish government set aside €1.2bn in funding as part of no-deal Brexit preparations.
A spokesperson for Ireland’s public expenditure ministry told Yahoo Finance UK that the “unique circumstances” of the budget “inevitably meant that the demands from departments and agencies could not be fully met.”
Though its funding and resources have seen a fourfold increase in recent years, the Data Protection Commission’s main office was based above a convenience store in a tiny Irish town until 2014.
Its budget and headcount — it has less than 200 employees — are still dwarfed by those of the social media companies it regulates. Facebook has hundreds of staff around the world working on data regulation, with many of them based in Dublin.
Indeed, at least as likely is an @EU_Commission enforcement action against the state for that failure and for undercutting the independence of the @DPCIreland. The State's petty point-settling dressed up as penny-pinching will founder in @EUCourtPress
— Eoin O'Dell (@cearta) October 9, 2019
Critics in Ireland have suggested that the small budget allocation is retribution for an August ruling by the Data Protection Commission, which found that an Irish government identity card scheme was unlawful.
The implementation of the public services card, which was issued to more than three million citizens, cost around €60m (£53m).
“An independent regulator has to be properly resourced, not afraid of being put on punishment rations if they take action,” said Simon McGarr, one of Europe’s top data protection experts.