Civil society groups question independence of Ireland’s data protection commission
Over 40 civil society organisations have called on the European Commission to investigate whether Ireland’s privacy regulator, the Data Protection Commission (DPC), remains truly independent following the appointment of a former Meta lobbyist as one of its commissioners.
A coalition of more than 40 civil society groups has urged the European Commission to review the independence of Ireland’s Data Protection Commission (DPC), raising concerns about potential conflicts of interest after the appointment of a former Meta executive to the regulator’s leadership.
In a joint letter, the groups questioned whether the DPC, which plays a central role in enforcing the EU’s General Data Protection Regulation (GDPR), can continue to operate without political or corporate influence. They have called for a formal EU work programme to ensure that privacy laws are applied consistently and transparently across all member states.
The concerns were triggered by the appointment of Niamh Sweeney, formerly Facebook’s Head of Public Policy for Ireland, who became the DPC’s third commissioner in September. Advocacy groups argue that the appointment risks undermining public confidence in the body responsible for policing some of the world’s most powerful tech companies, including Meta, Apple, and Google, all of which have their European headquarters in Ireland.
For years, Ireland’s DPC has been at the centre of Europe’s privacy enforcement system, acting as the lead authority for most major tech firms under the GDPR’s ‘one-stop shop’ mechanism. However, digital rights campaigners have often criticised the Commission for being too slow or lenient in handling high-profile privacy complaints.
Civil society organisations say the latest appointment deepens those concerns. ‘Independence is not just a principle on paper,’ said one group involved in the letter. ‘When the same regulator that oversees Big Tech is led by someone who used to represent it, citizens’ trust is inevitably shaken.’
The letter urges the European Commission to conduct a review of the DPC’s governance and to clarify the safeguards in place to prevent undue influence. Campaigners also want stronger oversight mechanisms to ensure that the enforcement of privacy rights remains free from political or corporate bias.
The issue carries broader implications for the EU’s data protection framework. If the independence of the DPC, which handles many of Europe’s biggest GDPR cases, is compromised, it could affect the credibility of privacy enforcement across the bloc. For civil society groups, the controversy is not only about Ireland but about ensuring that all data protection authorities remain accountable to citizens rather than to industry interests.
The GDPR was designed to protect individuals, not corporations, the letter concludes. ‘Ensuring that supervisory authorities are independent, impartial, and effective is not only a legal requirement but also a political necessity for safeguarding rights and maintaining public trust. Undermining supervisory authority independence also risks weakening protections guaranteed under the Charter of Fundamental Rights’
