Facebook chief, Sheryl Sandberg, lobbied Taoiseach Enda Kenny over data protection role and taxation in Republic of Ireland
Facebook chief, Sheryl Sandberg, personally lobbied the Taoiseach at one-to-one meetings and in correspondence, on who would be appointed as Ireland’s next Data Protection Commissioner.
The social media giant is facing an investigation under the new Data Protection Commissioner, Helen Dixon, into allegations that Facebook used its Irish headquarters to transfer the data of millions of EU Facebook users to US spies under the Prism surveillance programme.
Given extraordinary access to the Taoiseach, Ms Sandberg lobbied Enda Kenny personally at meetings in Davos and California, and in subsequent correspondence, trying to influence his appointment of a successor to Billy Hawkes, who was due to retire from the role of Data Protection Commissioner.
Ms Sandberg doesn’t specifically name any preferences she has for potential successors in the documentation. She makes clear, however, that Facebook is interested in who the appointment will be, and that whoever is appointed is a ‘strong candidate’ as Mr Hawkes was a ‘hard act to follow’.
She says in the documentation that she hopes whoever is appointed to the position will be able to collaborate with Facebook and provide leadership on the data protection issue in Europe.
Mr Hawkes had, on what he believed to be valid legal grounds, refused to investigate claims that Facebook Ireland had colluded in transferring the private data of millions of EU citizens to its US headquarters, from where it was allegedly accessed by US spies in the National Security Agency (NSA).
Documents released to the Irish Independent under the Freedom of Information Act, reveal how over a period of 11 months, Ms Sandberg used her privileged access to the Taoiseach to lobby him on two issues of critical interest to Facebook: taxation and data protection, specifically who would replace Mr Hawkes.
The correspondence between the Taoiseach, his officials and Ms Sandberg takes place in 2014 as Facebook is fighting two battles on two continents: one against the IRS in the United States, which has found that Facebook’s Irish operations present a possible $5billion tax liability; and the other fight against allegations that Facebook Ireland handed users private data to US spies.
- Facebook using people’s phones to listen in on what they’re saying, claims professor
- UK spy agencies have collected bulk personal data since 1990s, new papers reveal
- Edward Snowden: NSA still collecting everybody's information including your d**k pics
On the latter issue, Facebook was facing growing pressure from the EU Commission, which was proposing a new EU-wide Data Protection Regulation. If millions of EU citizens’ privacy rights had been violated, Facebook was facing court claims and institutional fines which could potentially cost them €3.2 billion - 4pc of turnover, the rate of fines being proposed in early EU drafts of the new EU Data Protection regime.
The Irish Data Protection Commissioner had played a crucial role in Facebook’s defence of the US spying claims. Mr Hawkes had refused to investigate the claims on legal grounds. However, at the time of the lobbying of Enda Kenny by Ms Sandberg, these grounds were being appealed to the Irish High Court, and the Court of Justice of the European Union was going to be asked to rule on the matter.
Ms Sandberg was anxious to ensure that Mr Hawkes’ successor as Data Protection Commissioner would be as ‘strong’ as Mr Hawkes had been.
The documents released under the Freedom of Information Act cover 11 months of correspondence between the Taoiseach, his officials and Sheryl Sandberg.
Beginning on January 3 2014, the Taoiseach’s officials set up a one-to-one meeting between the Taoiseach and Ms Sandberg in meeting room ME22 at the World Economic Forum in Davos, Switzerland. The meeting was to take place at 11am sharp on January 23. The correspondence reveals that Ms Sandberg sets the time of the meeting and confines it to 15 minutes because of her ‘tight schedule’.
At the meeting, Ms Sandberg lobbies Mr Kenny on taxation and on the spies issue, specifically advancing Facebook’s position in relation to proposed European Data Protection regulations. Later that evening Ms Sandberg ‘dropped by’ an IDA dinner at Davos.
Two days after the Davos meeting Ms Sandberg writes to Mr Kenny, and is sure to warn how changes to taxation or privacy laws might lead Facebook to consider ‘different options for future investment and growth in Europe’.
The email reads:
“I also want to commend you once again for your leadership during your Presidency of the EU. You made enormous progress. When it came to the European Data Protection Regulation, you and your staff really internalised our concerns and were able to present them in a reasonable way, which has had a positive impact ...We hope we can rely on you for your continued leadership on this regulation since we still have more work to do here. Along the same lines, I was pleased to hear that you are so involved in the OECD working group process on tax reform. These discussions will be very complicated and important, and we hope to be helpful to you identifying the implications with different options for future investment and growth in Europe. We are keen to collaborate with your office on this, just as we have on the DPR.”
After the one-to-one meeting in Davos, Facebook’s Senior Policy team, comprising 15 executives from Washington, California, Dublin, and across Europe, requested a personal meeting with the Taoiseach in Government Buildings on February 6 2014.
Mr Kenny did not meet the delegation but instead sent his special adviser, Paul O’Brien, the Secretary General to the Government, Martin Fraser, and two of the Taoiseach’s experienced assistant secretaries with responsibility for international economic matters, Lorcan Fullam and John Callinan.
After this high-powered delegation, the Taoiseach was invited to Facebook’s Menlo Park headquarters in the United States, in June 2014, where he had a meeting with Sheryl Sandberg, which was scheduled to last for precisely 43 minutes.
They discussed the need for one tax regulator in the EU, and also the issue of who would replace Billy Hawkes as Data Protection Commissioner. Mr Hawkes was to retire on August 31 that year.
A subsequent letter to the Taoiseach in June 2014 specifically mentions Billy Hawkes and the need for his replacement to be a strong candidate. While Mr Hawkes’s independence and integrity are undisputed, there is no doubt that Facebook would have been relieved in 2013, when Mr Hawkes refused to investigate claims that Facebook Ireland had transferred data to the States for examination by the NSA.
Mr Hawkes had refused the investigation on the legal grounds that Facebook was entitled to send data from the EU to the US under EU Commission Safe Harbour provisions. However, at the time when Ms Sandberg was being granted personal access to the Taoiseach, a subsequent judicial review in the Irish High Court had been initiated, which again threatened Facebook’s bottom line.
Two days after this June 2014 meeting, Ms Sandberg wrote to the Taoiseach and invited him to open Facebook’s new Nama-funded headquarters in Silicon Docks in November that year.
The letter was used to again lobby the Taoiseach on taxation and Data protection, and to warn about the consequences of disappointing Facebook, which would involve the company having to ‘revisit its investment strategies for the EU.’
“We agree with you that to have a true Single Market approach, it is important to have one regulator, whether on privacy or tax, to enable businesses and benefit consumers across the EU. Without this, the risk is that companies will revisit their investment strategies for the EU market. We hope you will continue to play a leadership role on the Data Protection regulation since there is still more work to do there.”
Her letter then switches to a pointed reference to Billy Hawkes departing as Data Protection Commissioner in Ireland and the importance of appointing someone Facebook would approve of in his place.
“It was helpful to hear how you are focused on finding a strong successor to Billy Hawkes, as Data Protection Commissioner for Ireland. Billy will be a hard act to follow and we are hopeful that his successor will be someone who will establish a collaborative working relationship with companies like ours and be able to lead on the important issue of data protection compliance in Europe.”
By November 2014, when Enda Kenny opened Facebook’s new NAMA-funded offices in Dublin’s Silicon Docks, the Taoiseach had created a new junior ministry - a Minister of State with responsibility for Data Protection, within The Taoiseach’s own department.
He mentions this in his closing remarks to Facebook executives: “On a very serious note, one of the key challenges going forward for companies such as yours, is Data Protection ….I believe that it is of the utmost importance to work closely with out new Data Protection Commissioner. As a measure of the seriousness with which we take this issue, I have recently appointed a new Minister of State for Data Protection - Dara Murphy - within my own Department, as we are very conscious that we need to be fully on top of all aspects of Data Protection.
“In this area, Ireland’s ability to build and maintain good relationships at EU and international fora on Data Protection is paramount for the continued growth of this exciting new area of opportunity in Ireland and we are determined to address all the complex issues which these challenges raise. “
By June the following year the government had increased the funding for the Data Protection Commissioner, according to a memo prepared after a meeting between then Minister for Enterprise Jobs and Innovation, Richard Bruton, and senior Facebook executives who had travelled to Ireland to discuss building a €200m Data Centre in Clonee, County Meath on June 3 2015.
“Minister Bruton outlined the economic work of the Government over recent years, the appointment of a Minister of State for Data Protection, the fact that we work closely with the EU on Data issues and that we recently strengthened the office of the Data Protection Commissioner by allocating additional resources," the document reads.
In October 2015, the European Court of Justice declared that the ‘Safe Harbour’ provisions were invalid - a move which led to Hawke’s successor, Helen Dixon agreeing to investigate the spying claims against Facebook Ireland.
Ms Dixon reopened the investigation, and took a case asking the Irish High Court to refer to the Court of Justice of the European Union the question of whether so-called standard contractual clauses (SCCs) used by Facebook and others to transfer data from the EU to the US, are valid. After 20 days of evidence, judgment in the case was reserved in the Irish High Court in March 2017. A decision is still awaited.
Meanwhile, the EU has adopted a new General Data Protection Regulation (GDPR) . It comes into force in May 2018 after a two-year transition period. It extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It harmonises data protection regulations throughout the EU, with severe penalties of up to 4pc of worldwide turnover.
According to the European Commission, ‘personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information or a computer’s IP address.”
Facebook appears to have won some concessions. The regulation does not apply to the processing of personal data for national security activities or law enforcement. However, the data protection reform package includes a separate Data Protection Directive for the police and criminal justice sector that provides robust rules on personal data exchanges at national, European and international level.
Ms Sandberg will also have been pleased to note that under the new regulation, there is to be a one-stop-shop for privacy complaints, where businesses deal with the Data Commissioner in the country of their ‘main establishment’.
In this case, this means Facebook will be dealing with Ms Dixon, the former company’s registrar and civil servant who is now Ireland’s Data Protection Commissioner.