Ireland poised to benefit from new data laws

Ireland is well-positioned to cope with the challenges, and benefit from the opportunities, that the new data-rich world of the internet of things offers.

It was the first country in Europe, for example, to appoint a Minister for Data Protection, which it did back in 2014. A survey published by Forbes last year, on behalf of law firm William Fry, found Ireland is considered the second most attractive location in the EU for data-driven investments.

Some 82 per cent of the survey’s respondents rated the country’s regulatory regime as good to excellent which, its authors said, is “a very strong indicator of a firm but fair regime that strikes the right balance between businesses and individuals”.

In May 2018, the EU’s General Data Protection Regulations (GDPR) come into force across the EU. Among the key changes coming as a result of GDPR is “extra-territorial scope”, says Marie McGinley, partner and head of data protection at law firm Eversheds Sutherland.

“Unlike the current regime, the GDPR extends the territorial reach of EU data-protection law. It captures not only the processing of personal data by EU-based data controllers and data processors which have EU establishments, but it will also apply to all data controllers and data processors established outside of the EU but which offer goods or services to EU data subjects (even if for free), or which monitor the behaviour of EU data subjects, irrespective of whether the processing takes places in the EU or not. This highlights the fact that the GDPR will have a much broader impact than the current regime.”

The GDPR creates some new rights for individuals and strengthens some of the existing rights, including the right to restrict processing, the right to data portability, and rights in relation to automated decision-making and profiling, says McGinley.

“The GDPR builds on the current fair-processing requirements by increasing the amount of information that you must provide to data subjects when collecting their personal data, to ensure that such processing activities are fair and transparent. Organisations must provide the information in an easily accessible form, using clear and plain language.”

Compliance framework

An element of the GDPR that will have particular resonance for foreign direct investment in Ireland is that they introduce the concept of a “one-stop-shop” compliance framework, whereby multinational companies will be regulated by the supervisory authority where they have their “main establishment”.

“Data protection and security are issues of growing interest and concern to customers – both at an organisational and individual level. As research released by the Department of the Taoiseach and the Government Data Forum has shown, a vast majority of businesses in Ireland believe data will play a central role in the development of their business model going forward. In a period of digital transformation, consumers are also becoming more data conscious, with 86 per cent making an effort to protect their personal data online,” says Rebecca Radloff, head of legal at Microsoft Ireland.

“With Ireland home to the EMEA HQs for some of the world’s leading technology companies and with a number of data centres located here, it is fitting that the Irish Government should continue to take a leadership role in enabling and facilitating robust debate and in helping both businesses and consumers to become more informed on issues related to data security and privacy,” she adds.

The businesses Ireland has attracted here are more data-intense than most, including Facebook, Google and LinkedIn, according to Leo Clancy, head of technology, consumer and business Services at IDA Ireland. “The product these companies make is data,” he says.

“However, in the past couple of years we have seen a lot more businesses, across all sorts of sectors, become very interested in data. Data is no longer unique to online companies, as more products are becoming data-enabled, even things like hairbrushes. The big advantage for US FDI is that GDPR enables uniformity right across the EU,” he says. That’s good news for Ireland, a country that positions itself as a gateway to the EU, and has a strong track record on data protection.

“We are now reaching a digital inflection point in relation to the importance of data not just to online businesses, but to all sorts of businesses. And if you are not a country that understands data, if you are not a country that has a very competent data authority, you will not be in a positive position to get this investment,” Clancy adds.