(From an article originally published in July 2017 on my peerlyst blog)
Does legislation stifle innovation? No. Why? Because it legislates in “catch up mode” mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don’t have any actually) – then they fail to implement the legislation or put in place checks and balances to monitor compliance.
Legislators are better at legislating for the abuse of data – the IP Act in the UK – in favour of mass surveillance and warrantless omnipresent spying and eavesdropping. It’s a catch all bucket – much easier than putting your back into it and figuring it out with Privacy, Civil Liberty and Human Rights in mind.
Legislators are looking to heavily regulate IoT. One wonders what their approach will be since they have failed or chose to ignore (more likely), it would appear, to legislate and police the most basic elements of Data Protection despite some of the first statutes being enacted (in Europe) as far back as 1986.
Now we have the kerfuffle of the NIS Directive (compelling member states to “be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority” – another agency just when we thought that the ones that we had were as bad as the disjointed un-joined up implementation of policy could get) and GDPR (which contains the bizarrely general statement in Clause 4 that “The processing of personal data should be designed to serve mankind”) – good luck implementing that.
Data Protection legislation for much of the intervening period was “lip-service” and PR driven. The DATA PROTECTION ACT, 1988 was publicised by the Irish government as an innovative “first of its kind” legislation that would set the Republic of Ireland apart and create a “privacy regulated” USP for RoI as an FDI (foreign direct investment) destination.
The IDA boasts on their website “We favour green lights over red tape, which is why we are one of the best countries in the world for ease of doing business (Forbes). New business is welcomed and supported by the flow of talent coming from our schools, universities and abroad, to work for high-performing companies across a range of cutting-edge sectors.”
What this really means is that regulation in Ireland with respect to Data Protection and Central Bank governance (both having a direct impact on the operations of the likes of EU headquartered tech giants based in Ireland – Google, eBay,Facebook, Twitter, HubSpot etc … pick a name – they are based in Ireland somewhere) was all about accommodating whatever these firms asked for, with scant or little regard to what the privacy protections in the legislation actually dictated in terms of consumer / end user protection.
Put the following statement in front of your local Data Protection commission and ask them to respond with respect to their view on the best way to protect the consumer while enabling innovation – prepare for an answer characterised by vanilla, non-committal prose peppered with out of context TLA’s.
“Dear Data Protection Commissioner, How Does Your Office Propose To Balance Classically-Conceived Privacy Concepts In Light Of The Business Imperative Of Providing The End User With Contextual Richness?”
The Office of the Data Protection Commission and the Central Bank of Ireland are widely regarded as complicit in the wholesale abuse of the data protection, privacy and tax obligations of tech companies operating in the country.
Understaffed, under-skilled and under-whelming, these outfits have presided over some of the most spectacular breaches of these obligations.
They will be tasked with creating law to govern how companies should implement security protocols and data protection measures to control the people who use the information generated by IoT (or those who seek to illegally acquire it) and the application of Big Data, IoT, AI, data analytics, and machine learning.
I have no faith that Ireland or Europe will stay on the edge of the curve of innovation in order to regulate its expansion in a controlled and understood manner. But I could be wrong. Do you think that I am wrong? I would love to hear counter arguments to my usual cynical stance on these issues.