Internet privacy breaches sound alarm bells for worried businesses
Differences between EU proposals on data protection and those in the US raise a number of questions
“Europe has always had a false sense of superiority towards the States that isn’t borne out by the evidence,” he says. “We need to be careful about pointing fingers.”
Nonetheless, the EU does have stronger privacy protection – and more regulation – on the books, he acknowledges – yet this can cause concerns.
“At least at a macro level, there can be a perception that Europe is more difficult to trade in, from a privacy perspective, and Europe needs to be aware of that – but I do think that [extra protection] is a good thing,” he says.
The EU has argued that its proposed data-protection regulation, which would be consistent across all member states, will make doing business in the EU much easier, taking out €2.3 billion in annual costs for businesses.
However Britain’s ministry of justice has predicted net costs to business of between £80 million and £320 million a year. However, the vast majority of businesses have little to no ability to measure costs, going by a May study from Britain’s data protection regulator.
It indicated over 80 per cent of 506 businesses polled could not quantify what they currently spent on data protection, and almost 90 per cent had no notion what they might need to spend under the proposed EU regulation.
Honan sees the same confusion about the demands, as well as associated costs, of legislation in Ireland. “I have clients struggling to understand the current regulations,” he says.
His clients are also concerned about proposed requirements, such as to have a data protection regulator in-house.
“Many would believe they should have that already, if a company is doing data protection correctly. Invariably, there is going to be a certain amount of cost.”
One trend he is seeing is clients pushing for better and more explicitly defined contracts and deals from cloud providers, especially multinationals. The big multinational cloud providers already offer European clients an EU-based cloud, as EU clients need this to comply with data protection regulations.
He notes however that companies have to rely on assurances about the privacy of data from US-based companies – companies that “still have to comply with US regulations” on data access.
Such uncertainty is enabling some European companies to see opportunity amid the changing privacy landscape, offering not just European but US and other global customers, services and cloud space under more protective EU privacy regulations.
“There are opportunities for European companies and service providers to promote themselves as being more privacy-oriented than the US, and other countries such as China, ” Honan says. “It is a market gap and the privacy laws here are the most stringent in the world.” He is aware of several start-ups in Ireland and elsewhere hoping to move into just such a niche.