In providing a service over the internet into other EU countries, from a website hosted in Ireland, an internet service provider will typically want to ensure that if there is a dispute with a user of the service, that the dispute can be litigated in Ireland.
The Brussels Regulation (which determines which courts have jurisdiction in civil and commercial disputes between companies and individuals) at article 2 provides (subject to some exceptions including that set out in article 23) that a person (legal or natural) may only be sued in the member state in which he or she is domiciled.
One of the issues that a previous decision of the European court of justice had argued, was that an EU member state court could have exclusive jurisdiction where there was a validly concluded jurisdiction clause, even where there was a dispute as to the validity of the agreement in which the clause was included.
The judgement provides some encouragement to web site owners, that if their web site terms are sufficiently well drafted (including incorporating a home state jurisdiction clause), and are brought properly to the attention of site users, that the onerous provision of article 2 of the Brussels Regulation can be avoided and home state jurisdiction maintained. It remains to be seen whether the Supreme Court will uphold this decision.
I have just posted a news item on our site in relation to the Broadcasting Bill 2008. This issue was brought to my attention and the attention of Fergal, IIA CEO, via various avenues so thanks to anyone who got in touch late last week.
The Broadcasting Bill 2008, if enacted as is, could create confusion and a possible loophole for an added tax on both consumers and business users of the internet. However, we hope to be corrected and that this is not the case! Please use the comments below to contribute. Check out our news item on the IIA site to get more details. We would like to ensure that those debating this issue are aware of this lack of clarity and clear it up now. I imagine the government would have a hard time justifying a licence fee on all devices capable of accessing the type of content described in the bill particularly considering the lack of availability of adequate broadband for many.
One of the many things I have been doing since I began working here in the Irish Internet Association has been responding to queries that come in from members and from the general public. In order to do this I have to try very hard to keep abreast of the kind of issues that are concerning our members. One of our newer members originally contacted me with a query about data protection legislation and I felt terribly ignorant when he seemed to know more than I did. Happily he still joined the IIA!
So last week I gratefully accepted an invitation from the Institute of International and European Affairs to attend their event “Perspectives on privacy in the Internet Age” with presentations by Peter Fleisher, Chief Privacy Counsel, Google Inc., and Billy Hawkes, Data Protection Commissioner. There was also a brief presentation from the floor by Inspector Pat Burke of An Garda Síochána. Here is a brief synopsis but please if you were present and feel I am misrepresenting anyone, I would welcome corrections and clarifications. Thanks!
Both Peter and Billy opened their presentations quoting Scott McNealy’s now infamous and eight year old comment “You have zero privacy anyway. Get over it.” although it became quickly clear that neither of them are even remotely as blasé as McNealy was way back then when it comes to privacy and data protection.
Both of the speakers talked about how, now that information storage is so cheap, it’s actually more cost effective to keep rather than delete information. Fleisher suggested that corporations who are required to comply with privacy and data protection legislation could deal with this in a number of ways:
- Time based anonymisation: forgetfulness should be programmed in so that once information reaches the time limit required by law, it is forgotten by the database.
- Include privacy controls so that users can choose what level of privacy they wish to set for the information that they are storing or publishing online.
- Education: Corporations like Google have a responsibility to educate users about privacy and data protection in a clear and accessible manner.
However Google’s biggest difficulty in relation to privacy legislation is that they are required to comply to location based regimes as he called them. Even within the EU and based on the EU directive countries could set their own time limits for data retention and Google has to comply to all of these while in reality all of this data exists in the cloud rather than any specific location. He also pointed out that in the US there are 39 Security Breach laws each with their own details because the legislation that governs privacy in the US is not federal.
In relation to education Fleisher told us that Google have developed a selection of videos about privacy which have been viewed by half a million viewers. He suggested that corporations might consider video as a more personable approach to privacy statement than the current privacy statements that can now be found on most websites. Fleisher said that the APEC privacy framework was, so far, Google’s preferred framework with it’s emphasis on preventing harm and focus on accountability.
He finished up by reminding us that the big question should be what do we want technology to do for us rather than what is technology doing to us?
Billy Hawkes, the Data Protection Commissioner, had some very interesting statistics about data protection in Ireland and attitudes to data protection and privacy among Irish citizens. Firstly he pointed out that only 10% of companies in Ireland transfer data outside the EU so there may not be currently a requirement for global laws. Citing the Eurobarometer 2008: Data Protection in the European Union: Citizens’ Perceptions, he pointed out that Irish people were slightly more concerned about privacy than the EU average but were also among those most opposed to monitoring of internet usage. All these details can be accessed via the Eurobarometer website. (PDF) Nora Owen, who chaired the session, in her summing up made particular reference to Hawkes use of the phrase “function creep”. He used this when referring to the reasons why data is being kept. Does less privacy and more monitoring equal enhanced security for citizens? Does it equal less crime.
When talking about the future he suggested that corporations should include privacy by design or commission privacy enhancing technology. Similar to Fleisher he emphasised the need to educate people about revealing information, making the point that privacy rights are technology neutral.
Inspector Pat Burke from An Garda Síochána also added from the floor that through their cooperation with the Data Protection Commissioner and always operating within the law and with the right to do proper, legitmate investigation they have had some success in tackling crime which uses the Internet as a platform such as child pornography, internet fraud and identity theft. They have also been able to tackle transnational crimes such as human and child trafficking.
Questions from the floor were put by TJ McIntyre from Digital Rights Ireland and Mark Kelly of Irish Council for Civil Liberties who asked if Google would use a human rights framework to which Fleisher responded that Google are very focussed on the ethical use of the Internet and while they were forced into “the odious concept of censorship” in China, their search results in China include a statement that the results have been filtered. They also will not offer Gmail in China. Brian Greene also made the point that 90% of people using the internet are consumers rather than content producers and there are issues when corporations get and retain data about consumers. Fleisher clarified that Google comes in two flavours: plain ol’ search or search enhanced via logging into your Google account where Google gets to know you and offers you results based on your search history. It’s the consumers choice which search to use.
An interesting afternoon and do you know what? The lunch was delicious too!
As I mentioned at the top of the post I’m new to a lot of these issues so I would really appreciate any comments or clarifications via the comments below.