Former Meta Lobbyist Appointed to Lead Ireland’s Data Protection Commission
Key Points
- Niamh Sweeney, former Meta lobbyist, appointed commissioner of Ireland’s Data Protection Commission (DPC).
- She spent six years at Meta, serving as director of European public policy at WhatsApp and head of Irish public policy at Facebook.
- Sweeney joins Des Hogan and Dale Sutherland as the third active commissioner of the DPC.
- Irish Minister for Justice Jim O’Callaghan welcomed the appointment, citing the DPC’s growing responsibilities.
- The DPC has a reputation for leniency toward big‑tech firms, reflecting Ireland’s low corporate tax environment.
- Only about 0.6 percent of GDPR fines have been collected by the DPC to date.
- Meta has previously been fined nearly $300 million for a global data breach and $100 million for storing passwords in plain text.
- The appointment raises questions about the DPC’s future independence and enforcement vigor.
Niamh Sweeney, a former Meta lobbyist who spent six years at the company, has been named commissioner of Ireland’s Data Protection Commission (DPC). She succeeds Des Hogan and Dale Sutherland as the third active commissioner. Irish Minister for Justice Jim O’Callaghan welcomed the appointment, noting the DPC’s expanding responsibilities. Critics point to the DPC’s historically lenient stance toward big tech, citing low fine collection rates and past fines against Meta for data breaches and password storage violations. The move raises questions about the regulator’s future independence and enforcement vigor.
Background and Appointment
Niamh Sweeney, who previously worked for Meta for six years, has been appointed commissioner of the Data Protection Commission (DPC), one of the largest EU data protection authorities. During her tenure at Meta, she held roles including director of European public policy at WhatsApp and head of Irish public policy at Facebook.
Sweeney becomes the third active commissioner of the DPC, joining Des Hogan and Dale Sutherland. The appointment was announced by Ireland’s Minister for Justice Jim O’Callaghan, who said the DPC’s responsibilities and scope continue to grow.
Reactions to the Appointment
The Irish government expressed optimism, stating it looks forward to working with Sweeney as the DPC upholds the EU’s fundamental right to data protection. However, the DPC has a reputation for being friendly to big‑tech firms, reflecting Ireland’s broader approach of offering a low corporate tax rate and lenient regulation.
Track Record of the DPC
Critics note that the DPC has collected only around 0.6 percent of the billions of dollars in fines levied under the EU’s General Data Protection Regulation (GDPR). Notable fines against Meta include nearly $300 million for a global data breach and an additional $100 million for storing passwords in plain text, both GDPR violations.
These figures raise concerns about whether the DPC will maintain its current enforcement posture or adopt a more rigorous approach under Sweeney’s leadership, especially given her past affiliation with Meta.
Implications for EU Tech Regulation
The appointment underscores the ongoing tension between regulatory independence and industry familiarity. As the DPC’s scope expands, its ability to enforce GDPR provisions against major tech companies will be closely watched by both policymakers and the tech sector.