European Union States that Ireland and Luxembourg Need to get Tougher with Tech Giants

EU member-state flags

The European Commission has released a report in which they state that Ireland and Luxembourg are not able to make a stand against the tech companies that are based in those countries. The countries need more resources to ensure that they adhere to the European laws and regulations concerning privacy.

Privacy and the GDPR

Nowadays, privacy is one of the most important commodities. Consumers and the general public are more and more aware of the fact that there is a great deal of money to be made in trading personal information – also known as big data. It’s what keeps companies like Google, Facebook, and Twitter alive; they make billions of dollars each year selling personal data. But people are more aware of what to share – and what not to – because of scandals such as the one involving Cambridge Analytica.

There are national and international laws that protect our private information. Two years ago, the General Data Protection Regulation (GDPR) was introduced in Europe. This regulation came into law to protect the privacy of the European people. It details what is considered private information, what businesses need to do when they collect this type of data, which requirements are involved in that, and what rights people have to control their data.

Business Climate

Companies that locate in European countries will have to adhere to the GDPR as well. It doesn’t matter that the headquarters of that company are located somewhere else. So, American companies that open an office in Europe need to abide to European privacy laws in that office. The company is risking a massive fine if it doesn’t. Microsoft and Google have experienced this already.

Many big tech companies have located their headquarters in Europe for tax reasons. Ireland and Luxembourg are loved by these companies. Google, Facebook, Twitter, and Amazon all have their European headquarters in one of the two. National supervisory authorities have to make sure that these companies adhere to European law.


And that’s where the issue is. These countries are not able to enforce this. A report by the European Commission says that the number of supervisors across Europe has risen by 42 percent between 2016 and 2019. Ireland and Luxembourg even saw a rise of 169 percent. The budget increased by 49 percent in this period. But this is not enough.

“Given that the largest big tech multinationals are established in Ireland and Luxembourg, the data protection authorities of these countries act as lead authorities in many important cross-border cases and may need larger resources than their population would otherwise suggest,” the report said.

Ireland is currently investigating Facebook, Instagram, WhatsApp, Twitter, LinkedIn, Apple, Verizon, and Quancast. The European Commission is asking all EU-countries to work together and join their resources. According to them, that is the only way that the law can be upheld in the same way in every country.


This isn’t the first time that we have learned that European privacy watchdogs cannot uphold the GDPR in their own country. The developers of the Brave browser recently found that supervisory authorities didn’t have enough resources or qualified staff to make a stand against the big players in the game, even though the GDPR requires that. That is why they have filed a complaint with the European Commission against all 27 Eu member-states. The developers say that the European Commission needs to get involved in the situation, since countries do not have the resources to police these big tech companies at the moment. And this needs to change.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.