EU/US solution needs to be found quickly as lack of consensus threatens evolution of cloud services, social media, e-commerce and ‘big data’ analytics
Europe and the US need to lead the way to agree common standards for legitimate Government surveillance and access to data without unnecessarily infringing on the data privacy rights of individuals, or we risk stifling the development of the ICT sector.
That was the message from John O’Connor, head of Matheson’s Technology practice and Chair of the Irish Group of the Society for Computers and Law (SCL), at yesterday’s SCL briefing on The Evolution and Reform of Data Protection to coincide with Data Protection Day, which was hosted by Matheson.
Mr O’Connor stated, “For Governments and citizens, the on-going debate in Europe and the US regarding Government surveillance and access to data has highlighted the difficulty of finding a sensible balance between the privacy of personal data and the need for legitimate Government access to certain personal data for the prevention of crime and terrorism. There is now a prevailing view that Europe and the US need to lead the way to agree common standards for legitimate Government surveillance and access to data without unnecessarily infringing on the data privacy rights of individuals. This EU/US solution needs to be found quickly and ideally would include new minimum data privacy standards for all personal data transferred to the US from the EU because it threatens to negatively impact the evolution of cloud services, social media, e-commerce and ‘big data’ analytics.”
The ICT sector in Ireland employs over 37,000 people and generates €35 billion in exports annually. Mr O’Connor warned that an ongoing impasse on privacy standards, as evidenced in the dispute between the US and Ireland over data held by Microsoft, would adversely affect the sector. The lack of certainty for multinational ICT firms on privacy requirements has the potential to impact investment decisions and impede Ireland’s recovery.
He also warned of ‘drawn out reputational damage’ for those not reacting to the coming data protection evolution. “For all organisations, we are on the cusp of very significant change in relation to data privacy laws in Europe which are likely to include increased supervision by Data Protection Regulators, hugely increased fines and other sanctions as well as lengthy investigations and drawn out damage to reputation with considerably more media and public interest associated with serious breaches of data privacy laws. In some ways its comparable to competition/anti-trust law 20 years ago when enormous fines and other sanctions for breaches were infrequent or non-existent but then everything changed. From a corporate governance perspective, now is the time for firms to take a much more organised and comprehensive approach to data privacy compliance.”
Dara Murphy TD, Minister of State at the Departments of the Taoiseach and Foreign Affairs with Special Responsibility for European Affairs and Data Protection also spoke at the event, noting; “Data Protection Day is the ideal opportunity to remind ourselves as a society of the need to take the protection of personal data seriously. Organisations right across the public and private sectors, and individuals themselves, all have a responsibility in relation to the protection of privacy. New EU rules, once agreed, will update our laws for the digital era, and we must prepare for the changes. Government has placed data protection policy firmly on the political agenda and signalled its ambition for Ireland to lead in this area.”
Also speaking at the briefing, Data Protection Commissioner Helen Dixon confirmed that the regulator’s office would be ‘significantly improving its reach’. “The Government’s recent confirmation of a near doubling of the data protection office budgetary allocation to €3.647m this will undoubtedly allow the regulator in Ireland to significantly improve its reach in terms of protecting the individual’s fundamental right to data privacy and affirm Ireland’s position as an important and steadfast data protection regulator in Europe.”