The Irish government has appointed Niamh Sweeney, a former senior lobbyist for Meta, as a commissioner for the Irish Data Protection Commission (DPC), the key regulatory body overseeing data protection compliance for major technology companies in Europe. The appointment, announced on September 17, 2025, and taking effect October 13, 2025, expands the DPC’s leadership to three commissioners, marking a significant moment in European privacy regulation.
Sweeney’s background includes nearly eight years working at Meta in several senior public policy roles, including serving as head of public policy for Facebook Ireland and later as director of public policy for Europe at WhatsApp. Her tenure at the company coincided with several high-profile scandals involving privacy violations and regulatory scrutiny, stoking concerns about potential conflicts of interest in her new regulatory role.
Ireland’s Role as Europe’s Tech Regulator
The Irish Data Protection Commission holds a critical place in European privacy enforcement due to the “one-stop-shop” mechanism of the EU General Data Protection Regulation (GDPR). Since many major US tech companies, including Google, Microsoft, and Meta, establish their European headquarters in Ireland—attracted by the country’s favorable corporate tax regime—DPC acts as the lead supervisory authority for GDPR compliance affecting over 450 million users across the European Economic Area.
Decisions by the Irish DPC have a direct impact on the data collection, privacy policies, and advertising practices of these tech giants. This regulatory authority extends its reach throughout Europe, making the composition and independence of the commission a topic of intense interest and debate.
Sweeney’s Career and Track Record at Meta
Between December 2015 and October 2021, Sweeney held influential roles at Meta, actively defending the company’s interests amid controversies. These included the fallout from the Cambridge Analytica scandal, where Facebook faced criticism for improper handling of user data, as well as multiple European investigations leading to fines totaling nearly a billion euros.
Meta was fined €390 million for failing to obtain user consent and €1.2 billion for illegally transferring personal data to the US, among other violations. During this period, Sweeney was engaged in policy advocacy aimed at mitigating regulatory backlash and shaping public perceptions of Meta’s data practices.
Privacy advocates highlight that during her time at Meta, Sweeney played a role in defending the company’s policies that led to questionable data collection practices, psychological experiments on users, and controversial use of tracking technologies. Critics argue that her appointment raises concerns that the regulator may be too sympathetic to industry interests.
Reactions from Privacy Advocates and Opposition
The appointment of Niamh Sweeney has sparked an outcry from privacy groups, politicians, and digital rights activists. The Austrian privacy advocacy group noyb harshly criticized the move, stating,
“With this appointment, the Irish government does not even pretend to care about enforcing EU law anymore.”
The group pointed to the DPC’s reputation as being pro-big tech and accused it of facilitating lax enforcement of GDPR.
Evidence cited includes the fact that while the DPC has issued fines amounting to €3.26 billion, only around €19.9 million (0.6%) has actually been collected. Critics assert this demonstrates a pattern of regulatory tolerance that benefits American technology companies operating in Europe without strict compliance.
Privacy campaigners view Sweeney’s appointment as potentially exacerbating these concerns, arguing that entrusting a former Meta lobbyist with oversight responsibility risks undermining the credibility and independence of the DPC.
Government and Official Responses
The Irish government and Data Protection Commission framed Sweeney’s appointment as a necessary step to strengthen the Commission’s capacity amid growing responsibilities. Minister for Justice, Home Affairs and Migration Jim O’Callaghan noted,
“As the responsibilities and scope of the DPC continue to grow, I am pleased that three commissioners will now lead and manage this key regulatory body.”
O’Callaghan also highlighted the increasing regulatory scope beginning in 2026, including significant new market surveillance authority over high-risk artificial intelligence systems and biometrics, adding weight to the need for expanded leadership.
The DPC publicly welcomed Sweeney, expressing confidence in her ability to help uphold the EU’s fundamental right to data protection as the body navigates the complex regulatory landscape shaped by rapid technological change and digital innovation.
The DPC’s Expanding Mandate
Beyond traditional data protection, the Irish DPC is poised to play a major role in regulating emerging technologies. The Commission will oversee AI systems considered high risk—particularly those used by law enforcement and involving biometric identification—starting 2026. This expansion signals a growing importance for data governance aligned with digital ethics and human rights protections.
Sweeney’s arrival coincides with heightened expectations for proactive and rigorous enforcement across the tech sector, especially regarding privacy and consumer protections linked to artificial intelligence and surveillance technologies.
Conflict of Interest Concerns
Despite official optimism, the appointment foregrounds complex questions about regulatory capture and potential conflicts of interest. Critics warn that Sweeney’s long affiliation with Meta, a company frequently scrutinized by the DPC, casts doubt on the regulator’s impartiality in ongoing and future cases involving the tech giant.
The perception that regulation is being led by former industry insiders may erode public trust in European data protection enforcement, a concern amplified by prior criticism of Ireland’s generally lenient regulatory stance.
Outlook for Enforcement and Industry Impact
The choice of Sweeney comes at a pivotal moment for European privacy law enforcement. As digital markets mature and AI integration accelerates, regulatory bodies like the DPC face greater pressure to balance innovation with users’ fundamental rights.
Sweeney’s deep knowledge of technology policy and industry workings may prove valuable in navigating these challenges, but the office must maintain clear boundaries between advocacy and impartial regulation to ensure credibility.
Whether the DPC’s expanded leadership under Sweeney and her colleagues will herald a new era of firm enforcement or continue to reflect tepid regulatory approaches remains to be seen. Privacy advocates and industry watchers will be scrutinizing decisions closely in the coming months.
Niamh Sweeney, a former lobbyist and public policy executive at Meta, is set to join the Irish Data Protection Commission as a commissioner in October 2025. Her appointment has sparked controversy over conflicts of interest, given her prior defense of Meta during major GDPR investigations. The DPC, which oversees major US tech companies with European headquarters in Ireland, is expanding amidst growing responsibilities, including AI regulation. Irish officials emphasize the necessity of experienced leadership, while privacy advocates caution that the regulator’s independence and effectiveness could be compromised.
