Nick Clegg, l'ex vice primo ministro del Regno Unito e attuale vicepresidente per gli affari globali di Facebook, ha trascorso la scorsa settimana cercando di sfatare la voce secondo cui Facebook sarebbe presto costretto a smettere di offrire i suoi servizi nell'UE.
<p class="no_name">Facebook had attempted to persuade a Dublin judge that a ruling by the Irish Data Protection Commissioner would make it difficult for the company to keep operating anywhere in Europe. This was reported more widely as a threat to leave Europe.</p>
<p class="no_name">Although a lot of it can be overlooked as posturing in court documents, it is still a dramatic situation to find ourselves in, with a service used daily by the majority of adults in the country at risk from a court decision.</p>
<blockquote class="inline__content inline__content--pullquote">
Se gli Stati Uniti non sono un luogo sicuro per i dati europei e le società Internet non possono spostare i dati senza interruzioni tra gli Stati Uniti e EU, rimodellerà Internet globale
Capire come siamo arrivati qui offre una visione approfondita delle mutevoli sabbie della regolamentazione globale dei dati, del futuro di Internet e di come l'Irlanda si sia trovata al centro di tutto.
<p class="no_name">This affair escalated dramatically in July when, after a string of court cases, international frameworks and EU directives, the Court of Justice of the European Union ruled that the United States was not a safe place for companies to send the private data of EU citizens.</p>
<p class="no_name">There are some really big implications from that ruling. If the US is not a safe place for European data, and internet companies cannot move data seamlessly between the US and EU, it will reshape the global internet as we know it. It poses big questions for US tech companies such as Google, Amazon and Facebook that offer their services in Europe: how do they operate if they cannot transfer user data back to headquarters for processing?</p>
<p class="no_name">As most of their European operations are in Ireland, the responsibility fell to the Irish Data Protection Commissioner to enforce this ruling, which she did against Facebook in early September. Facebook has since challenged the action and the Irish High Court has paused it until November.</p>
<blockquote class="inline__content inline__content--pullquote">
Pensare al GDPR con termini come "privacy individuale" e "diritti dei dati" è un modo piuttosto americano di considerarlo
L'Irlanda sta ospitando questa drammatica battaglia sul futuro di Internet, che potrebbe vedere l'emergere di un insieme globale di regole per il trattamento dei dati nel migliore dei casi, o nel peggiore dei casi, un'interruzione del funzionamento di Internet moderno.
<p class="no_name">The first three decades of the internet have been shaped by US norms and values. Every government is now trying to mould the global internet in its own image. The trick here is to push hard to apply your own world view, to shape the internet to your own cultural norms and legal frameworks, but not so hard that you effectively splinter the internet in your part of the world, as China has done with its “Great Firewall”.</p>
<aside class="related-articles--instream has-3"/><h4 class="crosshead">Landmark legislation</h4><p class="no_name">The European Union has two landmark pieces of legislation aimed at making the internet distinctly more European – the General Data Protection Regulation, which came into effect in 2018, and the ePrivacy Regulation, which is still in the works.</p>
<p class="no_name">To fully understand the EU’s vision for a more European internet, we first have to make sure we are viewing it through a European lens, not an American one.</p>
<p class="no_name">To think about the GDPR with terms such as “individual privacy” and “data rights” is quite an American way to look at it. The European framing of this issue is instead to think in terms of “corporate responsibility” and the “environment within which my data is handled”.</p>
<blockquote class="inline__content inline__content--pullquote">
Vogliamo che le persone siano informate e responsabilizzate, ma quando è stata l'ultima volta che hai letto 20 pagine di "termini e condizioni" prima di scaricare un'app?
Per illustrare questo con un'analogia, diamo un'occhiata a come potresti applicare questi due frame a un'area diversa: la produzione alimentare.
<p class="no_name">The American approach would ask questions such as “How do we empower individuals to make smart choices about the foods they eat?” When we ask questions such as this about foods, we end up with solutions such as nutrition labels on food packaging – standardised, clear, concise ways that citizens can engage with food providers from an informed and empowered position.</p>
<p class="no_name">I’m a big fan of nutrition labels, but there are limitations to this approach. I’m not a food expert.</p>
<p class="no_name">So smart regulation also sets standards. The European Union cares about the processes by which our food is produced. We make rules about the hormone levels in our beef and the chemicals on our crops. This is a good thing and does much more of the heavy lifting to improve the quality of our foods than information alone could accomplish.</p>
<p class="no_name">The same analogy applies to data. We want people informed and empowered, but when was the last time you read 20 pages of “terms and conditions” before downloading an app?</p>
<p class="no_name">That’s where legislation such as GDPR comes in. The “nutritional information” is a part of it, but the much bigger and more substantial changes are on the corporate responsibility side.</p>
<p class="no_name">The EU cares that farms and food-processing plants operate responsibly, and likewise they care about how companies behave with our data. Huge amounts of GDPR is focused on processes and procedures to make companies less sloppy when they handle our private data.</p>
<h4 class="crosshead">Problem with US</h4><p class="no_name">As the Brexit negotiations remind us, the EU also cares about the high-level agricultural policies and practices in the countries we import food from, and likewise it cares about the data protection and security policies of the countries our data is sent to.</p>
<p class="no_name">The EU has always had problems with the way that the US does beef, and now it has beef with the way the US manages data.</p>
<p class="no_name">Edward Snowden, a CIA contractor turned whistleblower, brought to light the fact that the US government regularly monitors the private data passing through the servers of US companies. Since GDPR came into effect, many companies have put agreements in place saying, in effect, “we will transfer your data to the US, but we will ensure the same level of safeguards required under GDPR”.</p>
<p class="no_name">Max Schrems, an Austrian citizen and privacy advocate, challenged one of these companies, Facebook Ireland, saying it can’t make such a promise because once it sends his private data to Facebook US, it can’t stop the US government from snooping on it. Keeping that promise is outside of Facebook’s control.</p>
<p class="no_name">The European courts agreed, and so here we are, with the Irish Data Protection Commissioner trying to enforce this with Facebook Ireland, with wider implications for every other tech company to follow.</p>
<p class="no_name">GDPR has been a success in making the internet more European, with most large global tech companies changing the way they handle private data inside and outside the EU. The next big test, which we will see play out here, is if GDPR can change the way the US government treats the private data of non-US citizens, or maybe just EU citizens.</p>
<p class="no_name"><em>Peter Tanham is a digital strategist who writes a weekly newsletter about tech policy in Ireland</em></p>
