Ireland once again found itself at the heart of European Union policymaking this week as negotiations on a new transatlantic data deal reached a climax in Brussels.
EU and US negotiators have agreed on a replacement pact, more than three months after the European Court of Justice struck down the "Safe Harbour" agreement governing transatlantic data flow following a case taken by Austrian campaigner Max Schrems against the Irish data protection commissioner.
As the power and prevalence of the internet has expanded in recent years, data protection has emerged as a key area of EU policy.
Last December the European Council, parliament and commission finally stuck a deal on a landmark data protection package, following four years of negotiations.
Under the new laws, which aim to develop an EU-wide approach to data regulation, a firm breaching EU data protection rules could be fined up to 4 per cent of its annual turnover. Lawmakers pulled back from endorsing a binding law that could ban teenagers from accessing social media sites without parental consent.
In parallel, the EU legislative system has struggled to respond to a number of rulings from the European Court of Justice, including the landmark "right to be forgotten" ruling of May 2014 following a case taken by a Spanish citizen against Google, and the Schrems Safe Harbour ruling in October.
Rights issue
The issue of data protection is highly contentious, pitting the interests of big business against the rights of individuals to privacy. The debate has also played out along geographic lines. Not only is it perceived as a battle between business- hungry US technology giants and conscientious EU regulators, it has also exposed cultural divides within the EU.
With Germany and Austria leading calls for better protection for its citizens, other countries appear less perturbed by threats to their citizens' privacy. Ireland is perceived by many to be in the latter camp.
As the home to the European headquarters of most of the big US tech multinationals, Ireland has inadvertently found itself in the position of chief data regulator for the EU. Criticisms that Ireland’s data protection regime is too lenient have been made by Germany and other EU member states for some time, despite efforts to beef up the resources of the data protection commissioner.
A report this week in Politico's European edition described how Ireland was bracing itself for a "blizzard of tech rulings" that, along with the pressure on the country's corporate tax regime, could spell trouble for its status as a tech hub for US companies.
Irish officials have been actively involved in the race to agree a successor deal to Safe Harbour over the past few weeks.
Dara Murphy, the Minister of State for Data Protection, flew to Brussels last week for meetings with the US ambassador and officials. Irish MEPs, including Seán Kelly, have been centrally involved in the tortuous passage of the data protection package through the European Parliament.
The Fine Gael MEP is unapologetic about ensuring that businesses are not overly burdened by EU data legislation, arguing that the new package has struck a balance between individual privacy and business competitiveness.
Kelly welcomed the new deal on Safe Harbour, which he said has secured the future of the US-Irish tech sector.
"Most of Europe's largest technology companies have a base in Ireland. Therefore, any impediment to their ability to do business in Europe would affect Ireland most," Kelly said on Wednesday, warning that thousands of jobs could have been lost to Ireland if a deal had not been struck.
US ombudsman
The main points of Safe Harbour 2 (dubbed the EU-US privacy shield) include the establishment of a US ombudsman to handle complaints from EU citizens; an annual review system; and “binding written assurances” from the US that access to data for law enforcement purposes will be subject to “clear limitations, safeguards and oversight”.
Unsurprisingly, the business community has welcomed the certainty brought by the agreement. However, many questions remain.
Max Schrems questions whether the new proposal will meet the criteria set out in the European court judgment.
“With all due respect, but a couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run when there is explicit US law allowing mass surveillance,” he said this week.
“I doubt that a European can walk to a US court and claim his fundamental rights based on a letter by someone.”
As Ireland continues to face the ire of European regulators over its tax relationship with tech giant Apple, the next government will be hoping that the controversy over data protection standards recedes.