Big Tech fears US regulation, but it may be Ireland that should scare them

Key Points
  • Ireland has become the main regulator enforcing rules on how big tech companies collect and process user data under Europe's privacy law called GDPR.
  • Ireland's Data Protection Commission is conducting 20 investigations into big tech companies.
  • In an interview with CNBC's "Beyond the Valley," Ireland's Data Protection Commissioner explained how she is investigating Big Tech.
Irish data watchdog: Some Facebook probes to conclude in coming months

Ireland's reputation when it comes to keeping corporations in check isn't exactly tough.

The European Parliament said in a report earlier this year the country displays traits of a tax haven and facilitates "aggressive tax planning."

But since a landmark privacy law called the General Data Protection Regulation (GDPR) went into effect across the European Union (EU) last May, Ireland has become the focal point for enforcing rules on how big tech companies collect and process user data.

Many corporations, including tech giants like Apple, Facebook and Alphabet's Google, have their EU headquarters in Ireland. That means Ireland's Data Protection Commission is tasked with overseeing their compliance with GDPR's rules, such as notifying authorities of data breaches within 72 hours or making sure companies get proper consent from users on their platforms.

Helen Dixon took the job as Ireland's Data Protection Commissioner in 2014. In an interview with CNBC's Beyond the Valley, Dixon said her office has had to "significantly expand" its resources due to an influx of privacy breach notifications and complaints from individuals since GDPR went into effect.

Ireland's Data Protection Commission is currently conducting 20 investigations into multinational companies over possible breaches of GDPR. Eleven of those inquiries involve Facebook or its subsidiaries WhatsApp and Instagram. Dixon said she expects the first conclusions will be reached "in coming months."

She added GDPR has "a big stick that's waving at companies" in the form of sanctions and fines. Companies that breach the law can face significant fines: 20 million euros ($22 million) or 4% of global annual revenues. For Facebook, that could mean $2.2 billion based on last year's sales. So far, though, the biggest fine under GDPR came from France's data regulator against Google for 50 million euros ($56 million).

Listen to CNBC's latest podcast exploring how Ireland became the lead regulator taking on Facebook and other big tech companies on user privacy and data issues.