Managing Data Privacy is a key challenge for U.S. tech companies expanding into Europe.
As his last official act as Data Protection Commissioner for Ireland, Billy Hawkes recently gave the closing keynote address at an event for the International Association of Privacy Professionals in San Jose, California. Appointed to the position in 2001, Hawkes’ time at the helm has been eventful, to say the least. Developments over the past several years, such as the Snowden affair, which uncovered NSA surveillance and the subsequent debate over the future of safe harbour, has seen the issue of Data Privacy move to the front pages on both sides of the Atlantic.
As the go-to European location for the world’s leading social, digital, ecommerce and cloud companies like Facebook, Google, Yahoo, Dropbox, and others, Ireland is increasingly at the centre of transatlantic discussions about how personal information is treated online. Starting with its landmark "audit" of Facebook (the first and most extensive of its kind in the EU), the Irish office of Data Protection regulation, led by Mr Hawkes, has more expertise, experience and best practice experience in this field than any other jurisdiction in Europe.
The European Union vs. the United States
There are two fundamental rights at the heart of the Data protection issue. In the U.S. the First Amendment guarantees the right to free speech and in the EU, the right to data protection, enshrined in the Lisbon treaty, is now a fundamental right in Europe. Countries, such as France and Germany in particular, have recent historical reasons to value their privacy – both on and off line – and often have a healthy disregard for unwanted marketing. If you’ve spent much time in Germany, you’ll have seen “Keine Einwuerfe!" (No Spam!) posted on a lot of mailboxes.
Issues for Multinationals
Although U.S. corporations naturally want their customers to benefit from the exciting technologies they have invested in, most also want to comply with the local regulations in countries in which they operate. The current complexity and ambiguity around jurisdiction certainly doesn’t help. Each of the 27 EU member states has at least one regulator, all with differing interpretations of how the EU Directive approaches enforcement and other practical matters. Thankfully, this is now changing. From 2015, the EU is moving to streamline the current system which will provide clarity, and allow a “One-Stop Shop” regulatory approach within Europe. Companies will now have a choice as to where they manage and defend data privacy issues. This is where Ireland has a particular edge.
EU Law with an Irish Flavor
In addition to the talent and infrastructure that makes Ireland a sophisticated European home for U.S. companies, the “Firm but Fair” way the Irish regulator has dealt with companies has added to the attractions of the country. It’s EU law with an Irish flavor. While in no way “light-touch,” the Irish regulatory approach is to engage with companies early, develop an understanding of their business and work with them to ensure that they are compliant. The goal is to achieve results without having to resort to punitive measures, although companies should note though that Irish regulator has more enforcement powers than most other countries.
Mr Hawkes' successor Helen Dixon is about to come on board. With Apple, Yahoo and Adobe recently announcing their intention to manage their privacy operations from Ireland – with others to follow – Dixon will be busy. To help, the Government has recently expanded Dixon’s team and opened a new office in Dublin.
In the meantime, we wish Commissioner Hawkes a long, happy, and above all – Private – retirement. He has earned it.
Paraic Hayes runs the Consumer Technology and Services sector at IDA Ireland’s Silicon Valley office. He has waived his Right To Be Forgotten for this blog.
You'll find us responsive to your needs, proactive, professional and willing to go the extra mile.
We have 28 Offices worldwide helping support companies expand their operations in Ireland.