Against a backdrop of conflicting EU and US regulatory frameworks, IEDR chief executive David Curtin sets out the case for Ireland’s new Internet Policy Forum announced at Internet Day on 26 October
Ireland is in a uniquely difficult position, caught in the crosshairs between opposing US and European systems of regulation and business practice. The opposing regulatory cultures of free speech and privacy are fundamentally incompatible.
We are home to nine of the top ten global software companies and nine of the top fifteen internet companies, collectively employing tens of thousands of people. Their business is data—our data, and our fellow Europeans’. But how this data is used is subject to strict EU regulations which we, as a member state, must enforce.
How do we find the middle ground? This situation has many implications for Irish businesses, citizens and communities. To ensure that our concerns and ideas are given a platform, we urgently need cooperative action. That is why IEDR is calling for the creation of a national Internet Policy Forum.
The growing storm
European data protection authorities have belatedly woken up to the reality that millions of EU citizens have willingly and freely provided their personal data to American social media platforms and other behemoths of the digital industry. These foreign companies are storing the data in the cloud—often on servers in the US—where data privacy rules and regulations are very different.
This data, which is so valuable that it is described as the new oil of the twenty-first century, is now being mined and monetised, generating vast revenues. Adding fuel to the flames is the perception that the corporate profits are not taxable in the national jurisdictions of the EU 27.
The European Commission has had enough and thrown down the gauntlet. Now Ireland is the battleground for the opposing forces of EU regulators and US corporations.
In the first skirmishes, the EU had victories. It won the “right to be forgotten” for EU citizens on Google and other search engines; the repeal of the Safe Harbour framework followed.
Its replacement, an agreement between the US and EU called the ‘Privacy Shield’, is intended to allow personal data to be transferred from the EU to a company in the United States, but with one major caveat – that company must process the personal data according to a strong set of data protection rules and safeguards.
However, amid allegation and counter-accusation, Privacy Shield is now not expected to survive even the first interim review.
Understanding American and European perspectives
The changing political climates in both the EU and the US help to explain these diametrically opposed perspectives.
Across the Atlantic, in a post 9/11 world, Edward Snowden has revealed the extent to which US Homeland Security and law enforcement agencies have been empowered to monitor and record email traffic, browser activity and telephone conversations of US citizens and visitors and tourists. Faced with real threats to USA’s national security, it appears that concerns about data privacy have paled into insignificance.
In a rapidly changing US political landscape, free speech and free market doctrines are fuelling demands to roll back regulatory systems in industries as diverse as banking and telecoms. So, too, with regulations impacting the internet, as an important “level playing field” safeguard is under attack: the US Net Neutrality legislation is now at risk of being repealed by President Trump’s newly appointed FCC Chairman.
In Europe, however, many of the EU 27 are nervous about government access to private communications and jealously guard citizens’ expectations of rights to data privacy. Some have memories of military dictatorships and repressive political regimes. We often forget that the transition to democracy only took place in Greece in 1974, in Spain in 1978, and in Lithuania, Latvia and Estonia in 1991.
It is in this context that the EU member states’ passion and appetite for data privacy exists. Their challenge, which they have already begun to accept, is to protect the data privacy of EU citizens while curbing the power of US government to potentially access the data held by their multinationals with European HQs in Ireland.
The Irish position
Ireland is between the hammer of the EU and the anvil of the US. We are obligated to implement, comply with and enforce EU regulations, but at the same time, we are also obligated to protect the jobs and multibillion euro investments of the US multinationals rooted in Irish soil, and critically, the livelihoods of tens of thousands of people across their supply chains.
How do we respond? International decisions, rulings and agreements will have a profound effect on citizens at local level. In Ireland, a critical issue is how these EU regulations will be implemented and enforced by our national regulators and state bodies.
The burden of compliance needs to be fair and proportionate. In particular, the levels of red tape and perceived bureaucracy must be appropriate, especially for our hard-pressed SME community.
If the multinationals are the target of the EU regulators, then the enforcement emphasis ought to be there. However, SMEs should be worried and concerned because there are certainly precedents for the opposite approach. For example, anti-money laundering regulations, designed to combat organised crime, impose costs and red tape on every small business owner, whether setting up a bank account or merchant services for e-commerce.
Founding Ireland’s Internet Policy Forum
Against this complex, high-stakes backdrop, it is clear that Irish internet policy formation and policy implementation is too important to leave to chance and too pressing to leave on the long finger.
That’s why IEDR strongly believes that the creation of a multi-stakeholder, representative, national Internet Policy Forum is an important step on the road to giving Ireland’s business owners, and its citizens and communities, a voice on how the internet is developed, managed and governed in Ireland.
The Internet Policy Forum will build on, and develop, the excellent work of IBEC, SFA, eRetail Excellence, the Internet Association, LEOs and others. It will allow SMEs, business associations, government and citizens at large, through representative bodies like Cyber Safe Ireland, the Internet Society, Coder Dojo, Hotline.ie and so many others, to discuss, debate, and assess the effects of national and international internet regulations on you, me and millions of others.
We are issuing the challenge to everyone involved or interested in the internet in Ireland to commit to the target of having our national Internet Policy Forum up and running by the next Internet Day, in October 2018.
IEDR looks forward to sharing more information on this exciting development in the coming months.