Facebook data leak incident: Irish regulator must step up to the plate, says French minister
If not, France will 'have to draw some conclusions about the European data protection framework'
France expects strong action from the Ireland's Data protection Commission (DPC) in Facebook data leak incident and could seek to rewrite EU rules if Irish regulator fails again to show its teeth to the tech giant.
The warning comes from Cédric O, France's secretary of state for digital transition, who wrote on Twitter that France will have to "draw some conclusions about the European data protection framework" if Ireland's DPC does not take appropriate action against the social media network over the data leak that affected millions of French citizens.
The post also suggested that the French minister was not happy with the fact that the Irish regulator took so many days to announce the inquiry into the data leak.
"Inquiry finally launched by the Irish DPC on the Facebook data leak. Let's hope they respond to the unacceptable situation, which has affected millions of French citizens. If not, we will have to draw some conclusions about the European data protection framework," Cédric O wrote.
Ireland's DPC on Wednesday announced an inquiry into the Facebook leak, which has allegedly exposed the personal details of about 533 million users.
The DPC said that it believed the leak may breach "one or more provisions" of the EU's General Data Protection Regulation (GDPR) and/or the Data Protection Act 2018.
If the DPC finds Facebook guilty, the company could face a financial penalty of up to 4 per cent of its $86 billion (£62 billion) global revenue.
The DPC's move to open a probe into the data leak came after the European Commission intervened to apply pressure on Ireland's data regulator.
European Commissioner for Justice, Didier Reynders, said earlier this week that he had spoken with Helen Dixon, Ireland's Data Protection Commissioner, about the Facebook leak.
Most tech giants operating in the Europe are regulated in Luxembourg or Ireland, where many are headquartered for reasons of low tax. The Irish DPC has been accused of a failure of enforcement because tech firms like Facebook play an important part in the country's economy. Privacy lawyer Max Schrems, who has brought cases against Facebook to the DPC, recently described the regulator's approach as "Kafkaesque".
Last month the members of European Parliament expressed concerns about the role of the Irish DPC, saying that the regulator likely prefers "to close cases with a settlement instead of a sanction".
They also urged the European Commission to "speed up" ongoing investigations into major cases and to show EU citizens that data protection was an enforceable right.
Germany's data protection chief, Ulrich Kelber, has said in the past that the Irish regulator is too slow to see cases through.
Last December, Ireland made its first sanction against a major US tech firm when it imposed a €450,000 (about £390,000) fine on Twitter, over a data breach that made some private tweets public.
French officials are currently pushing to expand EU regulations that would give member states more power to punish large tech companies' bad behaviour. France wants a stricter Digital Services Act (DSA) to reduce anticompetitive behaviour by tech firm while providing more online protections for consumers. If companies are found to have violated that rules, they would face hefty fines.
Last year, the Netherlands also joined France in proposing stricter EU rules to oversee big tech companies, such as Google, Facebook and Amazon.
"Our common ambition is to design a framework that will be efficient enough to address the economic footprint of such actors on the European economy and to be able to 'break them open'," Cédric O said last year.
"Access to data, to services, interoperability … these are efficient tools that we should be able to use, with a tailor-made approach, in order to tackle market foreclosure and ensure freedom of choice for consumers," he added.