Search icon

Professor Ray Friel discusses EU Data Protection Policy on Limerick Today

Professor Ray Friel discusses EU Data Protection Policy on Limerick Today

Prof Friel was on Limerick Today with presenter Joe Nash to discuss the implications of the EU General Data Protection Directive which will come into force in May 2018. Prof Friel agreed with Joe’s assertion that this new legislation would impose a significant burden on Irish businesses if they were to comply with this and he noted that following Brexit, UK businesses might not be the subject to these sorts of compliance costs. Prof Friel pointed out that the impetus for the EU arose from two different issues: first, people were much more conscious of their privacy rights and second that technology is rapidly increasing the amount of data that is being collected by companies. The EU took this very seriously and that we had ceded sovereignty in this area to the EU, irrespective of what occurs elsewhere.  Joe made the point that people probably did not understand that they were giving this power to the EU when they voted in the referenda in this country and while Prof Friel agreed with that, and stated that referenda are a very blunt instrument, it did not change the fact that was what we had agreed to. Friel also noted that many IT companies such as Facebook, Google etc tended to locate in Ireland not merely for tax reasons, but also because of the relatively limitied resources put into supervisory authorities, such as the Data Protection Commissioner, in Ireland. The new legislation would change that, essentially ‘federalising’ that office and enabling it to draw on the resources of their counterparts in say France and Germany and indeed, effectively transferring supervision to the agencies of those countries on behalf of the EU.

Friel pointed out that the regulation would impact heavily on SMEs in the Limerick region as well and said if there were two things people should be looking at it, first it was ensuring that there was a sufficiently informed, explicit and valid consent to acquire the data and second that the data was held and used with appropriate safeguards not only in terms of cyber-security but generally as well. Joe pointed out that the fines were now up to €20 million or 4% of turnover.