Ireland's hefty data industry demands equally big industry cop

Whether it likes it or not, the Republic of Ireland has become a battleground between the EU and US legal systems – and between those two mighty forces and the forces of American mega corporations.

It is in Ireland, where servers operated by Microsoft reside, that the US Department of Justice has demanded it has the right to search.

It was from Ireland that the European Court of Justice received the complaint that would lead to the striking down of the Safe Harbour agreement between the US and EU last year.

Safe Harbour allowed the transfer of personal data from the strictly regulated EU members states to the considerably less regulated US.

This left the Republic in difficult territory. Successive governments have gone out their way to build a substantial part of the nation's economy around the data industry.

A new transatlantic cable connecting County Mayo on the west coast of the island directly with New York was completed last August, while in and around Dublin the biggest web companies in the world have opened data centres there.

And yet the Irish state seems to have failed to keep pace with this tremendous inbound investment. The arm of the state that would otherwise police and regulate this burgeoning sector has failed to evolve accordingly.

Writing in the Irish Independent in 2013, Simon McGarr – a solicitor who has represented Digital Rights Ireland in the Irish and European courts – noted that, despite Ireland's Data Protection Commissioner regulating “the combined personal data of billions of users of Facebook, Google, LinkedIn, Apple and Twitter”, the commissioner's office is quite remote from these locations.

McGarr was scathing about the “Lilliputian budget of €2.2m” that the DPC had then been allocated, and suggested that the long-term interests of the nation lay in developing a competent and mature regulatory environment that these multinational data-guzzlers would want to operate in.

Though the DPC was given something of a face-lift last year, it is still far from adored. In January, Digital Rights Ireland instructed its lawyers to serve legal papers on the Irish government, challenging whether the commissioner's office was truly an “independent data protection authority” under EU law.

The DPC has also been accused by some of having failed to be a strong enforcer and of merely accommodating complaints. In is annual reports, the DPC revealed surprisingly low statistics on data complaints, having instead marked communications from the public as “contacts” even if they contained grievances.

At the time of its complaint, Digital Rights Ireland said that: “Ireland’s DPC has a key role in Europe’s data protection landscape. From our 2014 case overturning data retention to the Schrems case, to the Microsoft v USA warrant case, Ireland is the critical jurisdiction for the protection for the rights of citizens across the EU,” while alleging that its Data Protection Authority “doesn’t meet the criteria set down by the EU case law for true independence.

“As the Irish government has refused to acknowledge this to date, we are turning to the courts to uphold Irish and EU citizens' fundamental rights.”

The DRI's solicitor had noted that London remains the centre of the global insurance and reinsurance business, and not simply as a legacy of Britain's empire, but because the world of shipping was, for a long time, headquartered on the Thames. Also, as McGarr writes, Great Britain “worked hard, and spent freely, to ensure they have a world-class regulatory system”.

When the previous regulatory institutions lost the confidence of the market, the government scrapped them and started again. The cost of the combined regulatory system for the insurance industry in the UK is estimated to be £645m this year.

This is nothing like 'light-touch' regulation. This is the real thing. And it provides the global insurance industry with the certainty all behemoths of finance crave. Oh, and the UK's reward for this investment? The insurance industry makes up 2.5pc of the entire country's GDP – worth £32.4bn in 2010.

If Ireland is to be serious about the data industry it is nursing, then it must equally commit to developing a sensible and comprehensive regulatory environment for data management. As Digital Rights Ireland's claim shows, there is little faith that the DPC is currently capable of performing this function.

The DPC declined to speak to The Register regarding the state of the nation's regulations. ®