From an office above a supermarket in a small town in County Laois, Billy Hawkes is charged with protecting the data and privacy of more than a billion Internet users around the world.
As the Data Protection Commissioner for Ireland, Hawkes has assumed responsibility for safeguarding the data of 990 million Facebook users outside of the United States, not to mention 175 million users of the business-based social media site Linked In and the users of numerous other global Internet services that have moved their European headquarters to Ireland in recent years.
Hawkes, 62, never signed up for this when he took the job of DPC in 2005 when the office was seen as a domestic service. It was moved to Portarlington (population 7,500), a 50-mile train ride from Dublin, as part of the Irish government’s policy of relocating more public bodies outside the capital. Since Google based its European HQ in Ireland in 2003 – taking advantage of corporation tax cut to 12.5 per cent – the country has become home to a technology sector that employs 105,000 people and accounts for 40 per cent of annual exports. Companies with their European HQs in Ireland include Facebook, Apple, Linked In, Twitter, eBay and PayPal. Hawkes must ensure that they handle their data correctly.
“We have acquired oversight responsibility of companies that can be quite controversial and process a lot of personal data,” he said. “It means we are in the international spotlight in a way that we would not have been when I took this job and are sometimes being accused of not being sufficiently vigorous.”
The DPC has its critics. Joe McNamee of European Digital Rights, a civil rights group, told business website Quartz that the commissioner’s office allowed companies to “do whatever they want with personal data”.
Hawkes’ team of 22 staff has been slightly increased to 30 and his budget has grown from €1.5m to €2m. “At the moment we are satisfied that we have the resources to deal with what’s on our plate. As more and more complex companies declare jurisdiction in Ireland, we will have to look more carefully again,” he said.
A DPC audit of Linked In is currently being finished and others will follow at Apple and Adobe as matters of standard procedure.
Hawkes rejects the idea that his office is a soft touch. “We have very strong enforcement powers, some of the strongest of any data protection authority.” Unlike his opposite number in the UK, he has powers to audit private firms and can order dawn raids on non-compliant companies.
One international data processing firm has been closed down by the DPC, pending an improvement in its practices. But usually Hawkes prefers a more subtle approach. “Most of our work is done behind closed doors without publicity but with the outcome being exactly what we want,” he said.
As for the remote location of his desk, that’s a “non-issue”, according to the protector of much of the world’s data privacy. “We have a totally modern and functional open plan office and, because these days people operate electronically, where we are physically based doesn’t matter,” he said.
“There has been some sneering about where we are located, but the ground floor just happens to be occupied by a supermarket. It doesn’t really alter anything.”