Worried About Your Data? Ireland's Got Your Back
WHY YOU SHOULD CARE
Ireland’s data protections are the best in the world — and counter a rising tide of surveillance.
By Pallabi Munsi
The streets of Chongqing, China’s most densely populated city, are filled with more than just 15 million people. They’re also equipped with 2.5 million cameras, panning the faces of everyone who strolls past, to identify and keep tabs on residents and visitors alike. These cameras are part of a pilot scheme to help curb crime.
Police in New Delhi, meanwhile, recently raised hackles by using facial recognition software to screen crowds at a political rally. Britain has more than 6 million closed-circuit TV (CCTV) cameras, second only to China. And Ecuador recently purchased a massive national surveillance system from China wholesale.
If you’re worried about your privacy and data, is there anywhere to hide? A few states in the U.S. have made moves to protect user data online, but there are serious doubts about their effectiveness. Still, there are some bright spots on the world map:
A survey of 47 countries found that Ireland is the best at privacy and surveillance protection.
Admittedly, the analysis — conducted by consumer watchdog site Comparitech — found that no country in the world achieved a perfect or even near-perfect score looking at constitutional protections of privacy, surveillance, ID cards and data control of citizens’ medical histories, financial records and biometrics. But the Emerald Isle led the pack (scoring 3.2 out of a possible 5), ahead of France, Portugal and Denmark. Unsurprisingly, China is at the bottom of the list. The United States ranked seventh to last.
So what is Ireland doing right? The country is known as a hub for U.S. tech firms in need of a low-tax European base, but its Data Protection Commission has become increasingly aggressive when it comes to protecting user privacy. Éire is currently running 18 separate probes into the practices of big American tech firms that may have violated the European Union’s General Data Protection Regulation. Further, Ireland has resisted an EU directive requiring biometric ID cards and played an active role in overturning the EU’s data retention directive, which required countries to store citizens’ telecommunications data. Ireland’s position outside the Schengen travel zone also gives it an out on some EU data-sharing agreements.
“The Irish government has spent much of the last four years trying to change the perception of Ireland as a soft touch when it comes to data protection and privacy,” says TJ McIntyre, a lecturer at University College Dublin’s Sutherland School of Law and chairman of Digital Rights Ireland. In 2019, the data commission’s budget was increased by 30 percent.
Comparitech privacy advocate Paul Bischoff, who conducted the study, believes even Ireland has room for improvement. “Its weakened protections — for example, data breaches in the medical industry for sensitive data, subsidization of closed-circuit TV cameras and a constant threat to press freedom, a result of the concentrated ownership of media outlets — are some of the reasons why Ireland couldn’t get a perfect score,” he says. On the other hand, some critics of Ireland’s data protection says it’s creating hurdles for smaller businesses, especially nonprofits, which have to shell out more to comply and avoid heavy penalties.
America’s relatively poor performance is largely due to its use of biometric IDs. The Biometric Exit program run by U.S. Customs and Border Protection is expected within four years to be using facial recognition technology on 97 percent of people departing U.S. airports. The U.S. has also been building a database of biometric information containing digital facial images and fingerprints from more than 200 million people who have entered, tried to enter or left the country. Meanwhile, private companies are largely able to set their own guidelines when it comes to processing personal data, and breaches are common. Even when companies are fined for misusing personal data — as Facebook was last summer — the amounts are relatively small and are widely seen as a slap on the wrist, not a deterrent.
Moreover, there are no federal laws regarding the use of CCTV, meaning usage varies drastically state to state, says Bischoff. Some states have a rule that prohibits CCTV use in areas where people expect privacy — for example, changing rooms — but some do not. Only two states — Connecticut and Delaware — require companies to inform their employees if their emails are being monitored.
Still, even the best is far from perfect. The Irish regulator overseeing the EU investigations into privacy breaches at Google, Facebook, Microsoft and Twitter says its decisions will be delayed. That has critics concerned that while Irish citizens may enjoy privacy, Ireland may be letting others down when it comes to its policing violators in the rest of Europe.
- Pallabi Munsi