Data protection rules: the overlooked reason for Apple’s Athenry move

Apple’s decision to place a major new data European centre in Athenry, announced Monday, further cements Ireland’s international reputation as a data centre location of choice.

Ireland has quietly but steadily grown as a data centre hub since the turn of the millennium, when the initial US/Irish transatlantic fibre cables were being lit. A rash of big data centres were built back then, particularly around Dublin, though they were called hosting centres, not data centres, and there was none of this yammering on about clouds.

(By the way, Oracle founder and former CEO Larry Ellison had a fine rant about cloud computing – "We've redefined cloud computing to include everything that we already do" – years ago, which you can find in full here: http://iti.ms/1zev1hO)

That early incarnation of the Irish data centre sector was hit hard by the dotcom collapse, leaving some empty buildings and a flood of cheap second-hand computer hardware on the market. Some wondered if too many centres had been built here.

However, they gradually began to fill again and as data burgeoned, so too did the data centres. Many of the tech multinationals already here built their own, and other companies arrived and did the same. Apple will join a roster that includes Microsoft and IBM, Google and HP, Amazon and EMC, amongst others.

But let's go back to the reasons Apple decided construct an Irish data centre (as well as a sister site in Denmark, also announced Monday).

Ireland’s usual selling points, cited as the reasons for winning this €850 million project, were trotted out numerous times.

A mild climate that helps data centres minimise the cost of keeping all those computer servers from overheating. Expertise in building and staffing such centres. Excellent fibreoptic internet connectivity coming in and going out of Ireland, especially to the US. Low corporate tax rates (although the government would prefer if you not mention Apple and the T word in close proximity, thanks very much).

But there’s another major factor. Almost invisible on the public radar, rarely mentioned by politicians, but sharply on that of multinational handlers of big data such as Apple, will have been the desirability of a stable European location with (reasonably) clear data policy.

It’s a time of great uncertainty for companies that handle vast data flows, those internet, social media, and more traditional technology companies that handle, store and analyse business and consumer data.

It's likely that Europe will impose a much stricter data protection regime in the coming 18 months, which will require greater protections for EU citizens' information.

And, post Snowden, there's very rightly, growing concern amongst Europeans that European data should not end up in US, or even UK data centres, within the legal (or easy surreptitious) reach of the National Security Agency or Government Communications Headquarters.

A major part of the problem for businesses and EU governments and lawmakers, is that once European data passes over EU borders or into the UK, we now know from Edward Snowden’s document leaks that it’s hard to know who might look at it, regardless of international agreements.

There are even indications that some European countries may require that its citizens’ data remain inside their own national borders.

For a company like Apple, one of the firms whose data were accessed by the NSA via its Prism programme, security of data in international markets will be increasingly important. Like Oracle and other managers of big data, it will be looking to set up data centres in a range of European countries, ready to manage its valuable trove of user data lawfully, whatever the EU or given EU state may decide to legislate for data protection.

Handily, Apple already has a data centre in Germany, the country that has been most vocal about perhaps introducing laws requiring German citizen and company data remain within German borders.

There are other policy considerations, too. As the EU prepares its new data protection Regulation, indications are that data protection challenges will be handled by the data protection commissioner in the country in which a multinational has its EU headquarters. For many of the big data handling tech companies, that country is already, Ireland.

Many of the companies will feel that Irish Data Protection Commissioners have handled past challenges even-handedly – a view that might not be shared by privacy advocates. But, the Irish environment will be considered easier to work with than, say, in Germany.

Yet even having a data centre well-placed in Europe might not be enough to shield data from the long arm of US law. The current, ongoing American court case in the US in which Microsoft is contesting the right of a US court to directly demand the company hand over emails held in its Irish data centre highlights the real concerns big data multinationals now have - and the alarm customers outside the US may feel if such access is deemed lawful.

That’s why so many technology companies have rowed in behind Microsoft in this critical case. If Microsoft loses this case, it is no overstatement to say the future of big data businesses and cloud computing looks utterly chaotic.