Could Ireland be the one-stop shop for Europe's new online privacy laws?
The new European Parliament voted into office at the weekend is expected to reach a final agreement later this year on stricter online privacy rules that have long been in the works, says the New York Times.
Privacy role for Ireland?
The big change is likely to be that companies will be able to operate throughout the Continent if they fulfill the requirements and interpretation of European rules from only ONE country’s privacy authority - instead of dealing with the regulator in each of the 28 countries in the EU where they do business.
If the final privacy decisions will eventually rest with an individual regulator, many consumer groups expect Ireland to become the de facto arbiter on privacy matters for the Continent, said the Times.
The NYT said , “Many American tech companies are based there because of the country’s low tax rates, and digital rights advocates say that Ireland is already known for taking a more moderate view on online privacy issues than regulators in countries like Germany and France.”
Not mentioned is the fact that they speak English in Ireland.
However, consumer groups in Europe have warned, says the Times , that if the current proposal stands, tech companies — including American giants like Microsoft, Amazon and Google — could set up shop in the European country with the most lenient data privacy interpretation.
The rules, as shaped over the last three years, would be stricter than those in the United States, said the NYT. “They would create one law across the Continent to protect several aspects of online privacy. And they would slap multimillion-dollar fines on any company that misuses Europeans’ data.”
Leaving the oversight with one country’s office gives companies more clarity about the rules, say lawmakers in favour of the one-stop shop.
“This issue has become more political than technical,” Raegan MacDonald, European policy manager for the digital rights group Access in Brussels, told the NYT. She added, “Who gets to decide on these matters is very important.”
The law it is said is expected to be finished in the first half of 2015. But before the rules go into effect, though, each of the European Union’s 28 countries still must reach a final agreement with the European Commission and the European Parliament.
Two weeks ago, Europe's highest court ruled that people could demand that Google take down links to information about them on the Internet.
This so-called "right to be forgotten" allows individuals to force global tech companies to remove links to their past activities, as long as people are not deemed to be public figures like celebrities or politicians. Google is still deciding how to respond to that ruling.
A Google spokesperson told the Drum, “The ruling has significant implications for how we handle takedown requests. This is logistically complicated - not least because of the many languages involved and the need for careful review. As soon as we have thought through exactly how this will work, which may take several weeks, we will let our users know.”
Analysts say the legal decision will force Google and other search companies to face up to new complaints, as people request that online links be taken down. But at the moment the ruling would have to be be carried out by data privacy regulators at 28 different agencies across the European Union. Wouldn't it be better if one country was the arbitrator?
“Data protection can’t survive on a national level,” said Peter Schaar, a former federal data protection commissioner in Germany. “We need to have an international approach.”