Social media activity and usage
Estimated population active on social media in 2023* *Source
Platforms ranked by usage in 2023*
1. Facebook
2. Instagram
3. YouTube
4. TikTok
5. SnapChat
Current laws and regulations relevant to social media
All EU laws mentioned in the EU section
Irish Constitution
Each piece of Irish legislation should be read and understood in the context of Irish constitutional rights, particularly freedom of expression. Constitutional rights are the most important and protected rights in the Irish legal system. Freedom of expression is a key constitutional right in Ireland under Article 40.6.1 of the Irish Constitution and is therefore protected in the Irish legal system. The right to freedom of expression has been developed through case law, and all legislation that is passed in the country must ensure that this right is not unconstitutionally prejudiced. This is a key consideration for the Irish legislature as it continues to address the challenges of regulating social media companies. However, like all constitutional rights freedom of expression is not an absolute – it can be limited in the interests of public order and morality and must be weighed against competing constitutional rights, such as the right to privacy. While a right to privacy is not specifically referenced in the Irish Constitution, the Irish courts have placed privacy on equal footing with the fundamental rights enshrined in the Irish Constitution.
Online Safety and Media Regulation Act 2022 (OSM Act)
The OSM Act was signed into law in December 2022 and subsequently came into force on March 15, 2023. The OSM Act creates a framework for the regulation of online safety and defines “harmful online content.” The OSM Act also provides for the establishment of a new media commission in Ireland (Media Commission), known locally as Coimisiún na Meán. Under the OSM Act, the Media Commission has the power to develop binding online safety codes (Codes) and will designate which online services these Codes apply to, with the purpose of reducing the risk of harmful and illegal online content. Through the implementation of these Codes, the Media Commission shall enforce rules on how online services or platforms, including social media platforms, should deal with harmful and illegal content. The Media Commission can require relevant online services to provide information on their compliance with any relevant Codes, and a failure to comply with such Codes may result in investigations and administrative sanctions.
Electoral Reform Act 2022 (2022 Act)
The 2022 Act was signed into law on July 25, 2022, and parts 4 and 5 were subsequently notified to the European Commission pursuant to the technical regulation information system (known as TRIS) notification process, so as to ensure the draft legislation complies with EU law and market rules. However, as of the date of publication of this guide, parts 4 and 5 have not yet taken effect. Parts 4 and 5 of the 2022 Act are relevant in this scenario because they will regulate political advertising on online platforms, including social media platforms. Online platforms will be obliged to accompany political adverts on their platforms with certain information, provide a transparency notice and conduct identity verification in respect of those who purchase political adverts. Online platforms are also obliged to provide the Electoral Commission with specific information, including whether there is misinformation on their services. The Electoral Commission will be responsible for monitoring online platforms’ compliance with this Act once it has taken effect.
Harassment, Harmful Communications and Related Offences Act 2020 (2020 Act)
The 2020 Act criminalized the act of publishing or sharing intimate images of another person without their knowledge or consent. The 2020 Act also established a new offense that makes it illegal to share, send or publish “threatening or grossly offensive communication” about a person if there is intent by the publisher to cause harm to that person. Finally, the 2020 Act extended the definition of “harassment” under Section 10 of the Non-Fatal Offences Against the Person Act 1997, which now means that communication that is not addressed to the person involved can still be considered harassment. All online intermediaries, including social media providers, will have to refresh and update their policies on prohibited communications given the increased scope for criminal prosecution of users committing offenses under the 2020 Act.
The Defamation Act of 2009
The Defamation Act makes it an offense to make a defamatory statement about another person. A defamatory statement is defined as one that “tends to injure a person’s reputation in the eyes of reasonable members of society.” This applies to the publication of a defamatory statement on a social media platform.
Prohibition of Incitement to Hatred Act 1989 (1989 Act)
The 1989 Act refers to “hatred” as the discrimination of another person based on that person’s background—for example, attacking a person as a result of their sexuality, race or religion. The 1989 Act states it is an offense for a person to “publish or distribute written material, to use words, behave or display written material … to distribute show or play a recording of visual images or sounds, if the written material, words, visual images or sounds, as the case may be, are threatening, abusive or insulting and are intended or, having regard to all the circumstances, are likely to stir up hatred.” The provisions of the 1989 Act can be directly applied to online comments and hatred published on social media platforms.
Consumer Protection Act 2007 (2007 Act)
The 2007 Act regulates marketing and protects consumers in Ireland by prohibiting traders from engaging in “unfair,” “misleading” and “aggressive” commercial practices. The Irish Competition and Consumer Protection Commission (CCPC) has noted that those who promote goods or services on behalf of a business, including the promotion of goods and services via social media platforms, may be considered a trader under the 2007 Act.
Consumer Rights Act 2022 (CRA 2022)
CRA 2022 came into force recently and introduces several enhanced statutory protections for consumers and new obligations on traders, as well as obligations on online marketplaces. Social media providers should be aware of these new obligations, as CRA 2022 applies to contracts where the consumer does not pay a monetary price but provides personal data that the trader can commercialize. CRA 2022 also grants new enforcement powers to the CCPC, with increased penalties available for the prosecution of EU-wide infringements. The ASAI is a non-statutory self-regulatory body that aims to promote standards of marketing communications, including by way of the publication of its Code of Standards. In 2017, the ASAI published the Guidance in order to bring clarity on how the Code of Standards applies to influencers, including when certain influencer posts are considered marketing communications. If an influencer post is considered a marketing communication, it must be clearly labeled as such before users engage with the content. The Guidance provides specific examples for different scenarios, such as when free products are provided to influencers, use of affiliate links by influencers and sponsorship relationships with influencers, which are all relevant given the increased use of social media by influencers to promote products.
Advertising Standards Authority for Ireland (ASAI) Guidance Note on Recognizability of Influencer Marketing Communications (Guidance)
The ASAI is a non-statutory self-regulatory body that aims to promote standards of marketing communications, including by way of the publication of its Code of Standards. In 2017, the ASAI published the Guidance in order to bring clarity on how the Code of Standards applies to influencers, including when certain influencer posts are considered marketing communications. If an influencer post is considered a marketing communication, it must be clearly labeled as such before users engage with the content. The Guidance provides specific examples for different scenarios, such as when free products are provided to influencers, use of affiliate links by influencers and sponsorship relationships with influencers, which are all relevant given the increased use of social media by influencers to promote products.
Copyright and Related Rights Act 2000 (2000 Act)
The 2000 Act regulates copyright and copyright infringement in Ireland. The act states that those who provide facilities for the making available of public work shall also be liable for the infringement if they fail to remove infringing material as soon as practical following notification from the owner of the copyright. In this regard, it is important for social media providers to have a “notice and takedown” procedure that is quick and effective so as to avoid liability under the 2000 Act.
- The 2000 Act has since been amended by S.I. No. 59/2012 European Union (Copyright and Related Rights) Regulations 2012 (2012 Regulations). The 2012 Regulations allow for the application of injunctions against intermediaries whose services are used by a third party to infringe a copyright or related right.
- The 2000 Act was further amended by S.I. No. 567/2021 European Union (Copyright and Related Rights in the Digital Single Market) Regulations 2021, which directly transposed the Copyright Directive.
- S.I. No. 68/2003 European Communities (Directive 2000/31/EC) Regulations 2003 (Irish e-Commerce Regulations). The Irish e-Commerce Regulations transposed the e-Commerce Directive into Irish law.
Data protection laws applicable to social media
EU data protection laws apply in Ireland
Data Protection Acts from 1988 to 2018 (together the Irish DP Acts)
The Irish DP Acts work alongside the EU GDPR to govern data protection in Ireland.
Data Protection Act 2018 (2018 Act)
The 2018 Act establishes the statutory powers, duties and functions of the Data Protection Commission (DPC). The DPC is the Irish SA responsible for monitoring the application of data protection legislation in Ireland.
- Section 31 of the 2018 Act, which transposed the EU GDPR, establishes the digital age of consent. The 2018 Act states service providers like social media platforms are not permitted to process the personal data of a subject under the age of 16 years without consent. It is the responsibility of the service provider to obtain the consent of the child’s parents prior to processing such data.
S.I. No. 336/2011 (Irish e-Privacy Regulations)
The Irish e-Privacy Regulations transposed the ePD.
DPC and the EDPB
While the DPC is the SA in Ireland, the interaction between the DPC and the EDPB plays a critical role in Ireland, in particular, is critical to keep in mind. As noted above, the EDPB is essentially the arbiter of disputes between EU SAs if there is disagreement on a decision or sanction to be imposed on a company for data protection non-compliance. Given that a number of social media companies have their EU headquarters in Ireland, there are regular interactions between the DPC and the EDPB, which can have impacts on social media companies based in Ireland.
DPC’s Regulatory Strategy for 2022-2027 (2022-2027 Strategy)
One of the DPC’s main priorities in its 2022-2027 Strategy is the protection of children and other vulnerable groups. EU GDPR notes that children merit special protection with regard to their personal data. Children and other vulnerable groups share the common risk factor of the frequent dependency on others to advocate on their behalf. The DPC notes that there is confusion among these groups around data sharing and, particularly, around consent. This has resulted in children and vulnerable adults enduring prolonged exposure to adverse situations.
Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing 2021 (Fundamentals) (Ireland’s age-appropriate design code)
This guidance outlines principles and recommendations for companies processing children’s data in Ireland. The guidelines are applicable to all organizations providing services directed at, intended for, or likely to be accessed by children, regardless of whether they are online or offline services. The Fundamentals outline 14 core principles that serve as baseline expectations for organizations processing children’s data. The Fundamentals also provide examples of data protection by design and default measures, including default privacy settings, user choice, limitations on data sharing, avoidance of manipulative techniques, and the provision of parental dashboards where appropriate.
Legislative developments on the horizon
EU Developments will be equally applicable in Ireland
General Scheme of the Digital Services Bill 2023 (2023 Bill)
On March 20, 2023, the 2023 Bill was released by the Department of Enterprise, Trade and Employment, but as of the date of publication of this guide, it is yet to be enacted. The 2023 Bill will support, at a national level, the DSA (see the EU general laws section). The 2023 Bill addresses the designation of the Media Commission as the digital services coordinator for Ireland and will give effect to other miscellaneous matters, including the establishment of a liability regime for providers of online intermediary services and the harmonization of court orders to take down illegal content from online services, including social media platforms.
Online harm and misleading content
An emerging focus in Ireland has been on regulating harmful and misleading content online, moving away from an era of self-regulation for large online platforms, such as social media platforms. The consequence of this focus is that there may either be more regulatory enforcement of existing laws or a look to issue new laws or guidance to tackle these issues. Some of these are set in this section.
- Online Behavior: Influencer Marketing Report (the Influencer Report) The need to regulate misleading online content can be seen in the CCPC’s recent Influencer Report, which investigated online consumer behavior and influencer marketing. In its recommendations, the CCPC states that social media platforms should assume greater responsibility for informing and educating their users on misleading advertising, and further recommends that such platforms support users by labeling online content and facilitating the reporting of misleading advertising.
- Criminal Justice (Incitement to Violence or Hatred and Hate Offences) Bill 2022 (Hate Crime Bill) The Hate Crime Bill will add a hate crime element to many common crimes, as well as (if enacted), changing the definition of “incitement to hatred” (essentially hate speech)—criminalizing any intentional or reckless communication or behavior likely to incite violence or hatred against a person or persons because they are associated with a protected characteristic. The Hate Crime Bill would further make it an offense to prepare or possess material (such as posters or leaflets) likely to incite violence or hatred, even if the material had not yet been shared or made public.
- Communications (Retention of Data) (Amendment) Act 2022 reforms While this law has bridged a gap to allow for the continued retention of and access to certain data for criminal justice and national security purposes, the Minister for Justice has noted its intention to further reform and clarify the law on data retention in Ireland. It is expected that a new general scheme of a bill will be published that will consolidate existing legislation on the retention of data.
- Artificial Intelligence Negotiators of the Parliament and Council of the European Union have reached a political agreement on the proposed Artificial Intelligence Act (EU AI Act) following much negotiation in December 2023. The EU AI Act is envisaged to ensure Artificial Intelligence (AI) systems operating in the EU are safe and do not operate in a way that is contrary to the fundamental rights and values of the EU. The EU AI Act will operate through a risk-based approach considering the potential risks of AI systems and their possible impact on society. The banned category includes AI systems which pose a threat to citizens’ rights and democracy (such as social scoring or systems exploiting the vulnerabilities of certain groups of people, etc.). Certain exemptions may apply in this category such as narrow exceptions for the use of biometric identification systems (RBI) by law enforcements (e.g. for identifying victims of certain crimes or preventing terrorist threats). It is noted that high-risk AI systems will be required to comply with a number of obligations to prevent or mitigate possible negative effects on society and users, including carrying out a mandatory fundamental rights impact assessment. The final version of the EU AI Act further puts more focus on general-purpose AI (GPAI) systems, subjecting high-risk GPAI models to more stringent obligations. Further measures were agreed upon to better support SMEs developing AI solutions including regulatory sandboxes and real-world-testing. The text reflecting the provisional agreement was published February 2024. The final version of the EU AI Act is expected to be formally adopted by the EU Parliament and the Council and soon to be published
- Blockchain The Department of Finance published a paper on virtual currencies and blockchain technology outlining its views on the effects of virtual currencies on consumers and companies in areas such as data protection. Additionally, the Irish tax authority issued a manual titled “Taxation of Cryptocurrency Transactions” to explain cryptocurrency taxation for crypto assets. Virtual asset service providers will need to consider their obligations following the transposition of the fifth anti-money laundering directive into Irish law by way of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021.
- European Media Freedom Act The European Media Freedom Act was politically agreed by the European Parliament in December 2023. Once enacted, the European Media Freedom Act will provide safeguards against the unwarranted removal by VLOPs (designated under the Digital Services Act) of media content produced according to professional standards but deemed incompatible with terms and conditions. A new independent European Board for Media Services will be set up under the European Media Freedom Act. The Board will also coordinate measures regarding non-EU media that present a risk to public security and will organize a structured dialogue between VLOPs, the media and the civil society.
Contributors
Marie McGinley
Partner, International Head of Technology , Dublin
E: mariemcginley@eversheds-sutherland.ie T: +353 1 6441 457
© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.
Share this