Call McGarr Solicitors on: 01 6351580

Cloud Computing: European Data Protection Dangers

Cloud computing is rapidly becoming a buzzphrase in IT-reliant businesses. Its proponents include some of the largest technology companies in the world. But while enterprises may be able to save money by moving into the cloud it is difficult to see how they can do so with their customer’s personal information without breaching EU data protection law.

Household names like Google, Amazon and Microsoft are racing each other to create rival global platforms for the storage and manipulation of data. They have sent their marketers out amongst us to proclaim the Good News- Cloud Computing will reduce costs and improve service when compared to the traditional self-built and run server rooms most significant organisations are used to.

McKinsey Consulting helpfully offered a definition of Cloud Computing in a recent report on the topic : “Clouds are hardware based services offering compute, network and storage capacity where; hardware management is highly abstracted from the buyer, buyers incur infrastructure costs as variable OPEX, and infrastructure capacity is highly elastic”.

Or, as the rest of us might understand it, that you get to sub-contract out part, some or most of your storage and information processing requirements to an already vastly tooled up company and you access it as you need it across the internet.

Clouds, being amorphous, fuzzy and everywhere, were chosen as the perfect metaphor for this kind of service. But a metaphor can obscure the reality of what’s being offered- to send data out to external companies and store it in their datacentres across the world, without any transparency as to what jurisdictions the data now resides.

Ireland has a particular interest in the development of cloud computing. Google, Microsoft and Amazon have all located major data centres around Dublin. It has been mooted that having these services available will enable Ireland’s entrepreneurs launch global web-based businesses without having to make enormous capital investment.

The difficulty arises when we apply the cloud computing model, developed in the US, to data relating to people in the EU. There is a gap in privacy standards between the two jurisdictions, with the EU protecting its citizens’ personal data in legislation.

Personal Data is defined by Directive 95/46 as “any information relating to an identified or identifiable natural person” and processing same as “collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction”.

Ireland’s Data Protection Acts implement this European law into local legislation. The Irish Data Protection Commissioner helpfully defines a Data Controller so that you might more readily recognise if you are one; “A data controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information.” So, the controllers are the people who have the responsibility for the data as it is being processed, no matter where or by whom. The entities they pass the data on to to be dealt with in a specific way are defined as data processors. Cloud computing providers would fall into this class.

But though Irish enterprises work under these European-wide legislative protections of our personal data, the cloud computing model is less sympathetic to our data controllers’ responsibilities.

The FAQ for Amazon’s Cloud offering, called S3, baldly announces that “Amazon S3 allows customers of Amazon S3 to store their data in the EU; however, it is up to the customers of Amazon S3 to ensure that they comply with EU privacy laws.” Furthermore, their Terms of Service states, in all caps for emphasis, that they do not warrant “THAT THE DATA YOU STORE WITHIN THE SERVICE OFFERINGS WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED.”

This ‘as-is’ approach clashes fundamentally with the responsibility of a Data Controller to ensure the security of the data they pass on to a data processor. There is the additional complication that, unlike Amazon, not all the cloud computing service providers will promise to keep the data uploaded from the EU in the EU. The result is the possibility of breaching the laws which prevent EU citizen’s personal data being exported to jurisdictions with less stringent protections.

The Irish Data Protection Commissioner’s office is under-resourced, having only a handful of investigations officers for the entire country. It is hardly likely that he will prioritise clamping down on cloud computing providers who are creating high-value employment in Ireland. Nonetheless, for Irish entrepreneurs and IT professionals who are considering taking the cloud computing route , it is important that they do so with an awareness of the difficulties it could throw up later in a due diligence situation.

Buying or selling a company is like a house purchase. Before the buyer closes the deal, they’re going to want to be reassured that the last owner didn’t do anything that might see them inheriting a legal headache. It may only be when the first wave of early-adopter companies start to be acquired that we will get a clear picture of the full cost of moving to cloud computing.

NAMA 3

The government’s draft NAMA Bill is intended to assist Ireland’s banks in the financial crisis.

The government’s NAMA scheme is itself a form of State Aid and is in breach of Article 87 (3) (b) of the EU Treaty. In principle it is, therefore illegal. The scheme is not currently activated but the effects of the government’s disclosed intentions are manifest in the economy. The Commission has previously found a declaration by a government, to advance State Aid, is a form of State Aid. Complaints about the current consequences of the NAMA plan have been voiced publicly by;

a. The manager of the Park Hotel, Kenmare, Co. Kerry;
b. The Chief Financial officer of ACC Bank;

The government has claimed the origins of the NAMA scheme lie in “advice” from international institutions including the EU Commission, the International Monetary Fund and the European Central Bank.

The attribution of credit to the EU Commission for NAMA is presumed to be a reference to Commission Communication 2009/C 72/01. This Communication was an “easing” of State Aid regulation as applied to bank restructuring.

In fact, the government’s scheme is not in conformity with Commission Communication 2009/C 72/01.

The NAMA scheme is of such a scale as to raise concern about the sustainability of public finances by over-indebtedness. The EU Commission expresses concern that asset relief should not undermine public debt capacity.

The NAMA scheme, far from being limited to the minimum necessary, is extended to the maximum, limited only by the creative skill of the government. Government spokespersons have given indications that the “transfer value” is intended to lie in a range of 66% to 75% of bank book value. The EU Commission mandates that the bank must bear the maximum level of loss. NAMA, as “floated” by government, seeks to reverse this principle.

The government has failed to make public the impact on the [public] balance sheet. No information has emerged from government to show the impact, on public debt, of NAMA.

The government has failed to make public the disclosure of impairments and assessment of eligible banks. This requirement is mandated by the Commission.

The government has disclosed its intention to avoid imposing on the banks the losses associated with impaired assets to the maximum extent. The full measure of bank loss is the difference between current market value and bank book value. The government’s indicated “transfer value” is much closer to book value than market value.

Only Anglo Irish Bank has been wound up or nationalised. The government has failed to evaluate losses or correctly identify losses, as evidenced by the absence of adminstration or nationalisation of any other bank. There is good reason to think some, at least, Irish commercial banks are insolvent. That there is uncertainty on the point is evidence of government default.

The government has failed to disclose details of the daily portfolio values presumably received by the government from the banks. Alternatively, the banks have failed to make such values or disclose them to the government. The Commission mandated this daily exercise for participating banks.

The government has maximised uncertainty about the proper value of of the banks’ assets. The government has consistently refused to declare the “transfer value” it has in mind; it cites the mantra “case by case” to justify this. The Commission expressed the need to make public disclosure of asset values by [the government].

The government has conflated “complex assets” with the impaired assets of Irish banks (the outcome of a real property bubble). The Commission identifies “toxic assets” as the source of most bank asset impairment. Irish banks did not suffer to any appreciable extent from such assets; Irish impaired assets are in the real estate category. These latter are not “complex”. Their values are low due to the bubble bursting and the effects of recession.

The government has ignored the necessity to secure adequate remuneration for the Irish state. The NAMA scheme has no chance of recovering, for the Irish state, the cost of taking the impaired assets from the banks. The Commission mandated the recovery of all losses by the State from the participating banks.

The government has failed to ensure the beneficiary banks bear the losses incurred in the transfer of assets. The Commission’s requirement on the point is expressed in different ways; it says the banks must bear the losses to the maximum and that the State should secure adequate remuneration.

The government has denied the relevance of “market values” for impaired assets and asserts its intention to value impaired assets on a “case by case” basis, without distinguishing between market value and tranfer value and without assigning assets to “baskets”(as explained in Communication 2009/C 72/01). The government has failed to properly examine the value of impaired assets. By deferring the valuation exercise and avoiding transparency it is evading the Commission’s requirements.

The government is intent on setting impaired asset values at too high a level. The assets are predominently real estate assets and the effect of the government action will be similar to the negative experience produced in Japan from a similar cause. The Commission noted the Japanese example in requiring States to avoid such an effect, a frozen real estate market a decade long.

The government has attributed the Irish financial crisis to the collapse of Lehman Bros., rather than to a property bubble. This prevents any proper remedy being applied to Ireland’s public debt and banking crisis.

The government’s NAMA plan exposes Ireland to proceedings by the EU Commission and/or non-participating banks and to claims for damages by those banks and the claw -back of Aid from the participating banks.

At a time when the finances of the State are so badly stretched, Ireland cannot afford this.

Dogs

Formerly, it was said “…every dog is entitled to one bite.”

This was a reference to the then necessity, in holding a dog owner responsible for damage done by the dog, to show the owner knew of the dog’s propensity to bite or cause damage. If the dog had bitten someone else before, the owner now knew and would be liable for the second biting or attack etd.

Since the introduction of the Control of Dogs Act 1986, this is no longer the law.

Under Section 21 of the Act, a dog owner is liable for any damage caused by the dog, without the need to prove knowledge, on the part of the owner, of the dog’s propensity to bite.

It would be a wise thing to take out insurance to cover the risk. There is no way of managing the exposure to the risk; the exposure could be very large.

If a dog owner is sued, or threatened with proceedings, in the absence of specific insurance cover for damage caused by the dog, it would be wise of him/her to have the home insurance policy checked to see if such a claim is covered by the policy.

NAMA 2

The following letter has been sent to the Taoiseach.
****

Our Ref; EMcG/ Your Ref; 25th August 2009

Taoiseach Brian Cowen TD
Department of the Taoiseach
Government Buildings
Upper Merrion St.
Dublin 2

Re: NAMA

Dear Taoiseach,

I acknowledge receipt of the letter of 20th August 2009, from your Dept. requesting €15.00 from me.

I will send that under separate cover.

However, I protest at the demand; given the documentation I am requesting from you I believe the information in the documentation should have been put into the public domain long ago.

You are reported in the Irish Times as having cited the European Commission, the International Monetary Fund and, possibly, the European Central Bank as having advised the Government (i.e., you) to adopt the NAMA solution to Ireland’s financial woes.

The first intimation of such a claim came from the Department of Finance and referred only to the European Commission.

Those EU “consents” are, ostensibly, in accordance with the “three ts” — “temporary, timely and targeted”, all of which are a requirement of the EU for State Aid to financial institutions currently in trouble. Your NAMA plan is not, I believe, in conformity with those requirements.

The Commission has disclosed elements of its dealings with you (and others) on its website.

1. On 25th February 2009 the Commission issued guidelines to States on handling impaired assets of banks. http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/322&format=HTML&aged=0&language=EN&guiLanguage=en

The guidelines of 25th February 2009 provide for “full transparency and disclosure of impairments, [which] has to be done prior to government intervention”. And again, require “… full ex ante transparency and disclosure of impairments and an upfront assessment of eligible banks”

To date, here in Ireland, this has not happened. Nevertheless the Government’s aid has already commenced. The mere declaration of an intention to grant aid, is aid, and the publication of the National Asset Management Agency Bill is aid par excellence.

The guidelines also confirm that “In general, any transfer of assets covered by a scheme at a valuation in excess of the market price will constitute State aid” [and, is therefore, illegal in principle].

A number of points arise from the foregoing;

1. The Commission does not appear to mandate values based on “real economic value”.

2. Additionally, the Commission emphasizes that “In general, all schemes must ensure that the beneficiary banks bear the losses incurred in the transfer of assets”.

3. The guidelines provide for review by the Commission of asset relief schemes [particularly the “valuation process”].

I need hardly point out to you that these issues are surely relevant to the Lisbon Treaty debate.

I urge you to seek Commission guidance on the Government’s NAMA scheme.

Perhaps you would emphasize to the Commission that;

a) the bad assets of the Irish banks are not “complex”(being, principally, land and buildings);

b) The Irish High Court has established a discount on the value of such assets of 50% (relative to the recent past) in Collins & Anor v Duffy & Anor [2009] IEHC http://www.bailii.org/ie/cases/IEHC/2009/H290.html

Yours Faithfully,

____________________
Edward McGarr
McGarr Solicitors

NAMA

The following letter is going to Taoiseach Brian Cowen TD, from this office.

Our Ref; EMcG/ Your Ref; 13th August 2009

Taoiseach Brian Cowen TD
C/O Freedom of Information Section
Department of the Taoiseach
Government Buildings
Upper Merrion St.
Dublin 2

Re: NAMA

Dear Taoiseach,

I hereby request disclosure, within the prescribed time of the information set out below. The request is made pursuant to: Directive 95/46/EEC; Regulation 1367/2006; Directive 2003/4 and The Freedom of Information Acts.

All reports (including draft or interim reports), correspondence, findings, conclusions, statements, memoranda, notes, records, report books or report forms or any other documentation arising out of or in connection with the consultations of the State with the European Union Commission relating to the establishment of the National Asset Management Agency (“NAMA”) and particularly, without prejudice to the generality of the foregoing, pertaining to the price or value whereunder the State may (or might) pay for assets taken, or to be taken, into NAMA.

I enclose a copy of a request to Brian Lenihan, Minister for Fianance, in the same terms. I do this to avoid duplication of effort by your respective Departments. Please liaise with him and let me have on foot of this request those documents not sent by him (in timely fashion or otherwise).

Yours Faithfully,

____________________
Edward McGarr
McGarr Solicitors

Planning Objections

Where objections are lodged to a planning application, it is useful to bear in mind that the character (from a planning point of view) of the applicant is relevant.

Under Section 35 of the Planning and Development Act 2000 (as amended), the planning authority may form the opinion that the proposed development may not be completed in accordance with the requested permission or its conditions, and base a refusal of permission on that.

It will need evidence to form this opinion. The obvious evidence would be the previous conduct of the applicant in relation to developments.

Objectors, therefore should research the past history of an applicant and the history of his/her developments and provide that evidence to the planning authority.

The Right to Know

The editorial of the Irish Times of 1st August 2009 claims the public has “a right to know”. If there is such a right, it is so vague as to be difficult to prove it exists.

Ireland has Freedom of Information legislation that addresses the right (circumscribed) of persons to gain access to documentation under the control of some public bodies. Other legislation addresses the right (equally circumscribed) of persons to gain access to information under the control of most public and private bodies.

These rights are available, generally speaking, to the extent that the officials charged with securing them are effective and the legislation permits.

On these fronts the government has taken positive steps to weaken the legislation and the effectiveness of the officials.

This latter statement is, or should be, controversial. If it is true, it is a scandal. If it is not true its publication is a good occasion to show that, and to promote the supposed “Right to Know” claimed by the Irish Times.

It is of course, a true statement.

It is the job of the members of Dail Eireann to suppress those elements of government and public administration guilty of these positive steps.

Those members will not or cannot do this.

That is the real scandal.

The reference to a “Right to Know” is meaningless unless the public perceives the context in which such a right could, or might, exist. That context is one where Freedom of Information legislation is comprehensive and integrated; where even the suspicion of a desire to limit its effect is sufficient to end political or administrative careers and where it would be inconceivable that a salaried member of the administration would be acceptable as a watchdog of the public’s rights.

Contentious Business

Britain and Ireland have similar, but different, legal systems. In Britain it is permitted for solicitors and barristers to agree to act for no, or a reduced, fee, conditional on being entitled, on winning the case, to charge the client (and a losing opponent) an enhanced fee (one larger than the norm). This is known as “a conditional fee agreement” (CFA).

This is not possible in Ireland.

In Britain, these CFA arrangements are most common in personal injury claims. In Ireland the principal law applicable to such claims and the terms to be agreed between solicitors and clients is S.I. No. 518/2002 — The Solicitors Acts, 1954 To 2002 Solicitors (Advertising) Regulations, 2002

Under the Regulations it is illegal for a solicitor to advertise “No win, no Fee”. Solicitors are not permitted to calculate their fees by reference to a percentage of the compensation recovered for the client. (Or as the Regulations put it, “In contentious business, a solicitor may not calculate fees or other charges as a percentage or proportion of any award or settlement”.

Furthermore, not only are solicitors subject to the foregoing restrictions but are also restricted from offering “legal services involving contentious business… at no cost or reduced cost to the client”

Indeed, it is the obligation of a solicitor to give an estimate of the costs of the legal services to the client in writing, at the commencement of the engagement.

Finally, the Regulations provide, inter alia, advertisements shall not “be published in an inappropriate location”.

(We know for sure that the back of a bus is an inappropriate location).

No Change

In 1775 the East India company sent out Lord Pigot with instructions to restore the Rajah of Tanjore to his Madras territories. These had been annexed in 1773 by the Nawob of the Carnatic. In fact the Nawob was a puppet; the employees of the East India company were the real powers in Madras and Bengal. One of the principal persons in this regard was Paul Benfield (1740-1810). Benfield was nominally answerable to the Court of Directors of the East India company: in reality he was more powerful than his employers. The unlucky Lord Pigot was thrown into a dungeon by company troops (by order of Benfield) where he died in 1775. Benfield amassed one of the largest fortunes ever brought home from India. He was recalled in 1781 as a result of the Pigot scandal and successfully petitioned to return to his position in India. The vote in his favour in the Court of Proprietors of the East India company was 368 to 302. Edmund Burke had purchased a shareholding in the East India company in order to block Benfield’s reinstatement. One of his “Heads of Objections” read;
“That the immense Magnitude of the Sums alleged by him to be due to the said Paul Benfield, furnishes a just Cause to doubt, whether the Money (if really advanced as pretended) could be acquired by lawful means, considering Mr. Benfield’s Rank in the Service, the nature of his Trade, and the time of his residence in India.” Paul Benfield was a man of the world. The shareholders of the East India company were also beneficiaries of the extortion and theft practised in India and if appearances could be maintained, they would not and did not change the status quo.

Belgium

We, all of us, act on our perceptions, albeit that they are of varied quality. We perforce have views on the climate of Tierra del Fuego; the nature of society in Saudi Arabia; the quality of cakes in Vienna, all without having been in these places.

We cannot know everything about these matters, but we can know enough. After all, the most likely practical consequence of these particular perceptions would be, at most, a visit to Vienna; and what harm could flow from that?

Well, we could be persuaded that Empire and Baroque architectural styles are oppressive and cakes are bad for us and abandon plans to visit Vienna.

Would we then decide to visit Belgium instead? Probably not; not as a substitute anyway.

Maybe we are deterred when, as this writer experienced, a colleague alludes, in conversation, to “children in basements in Brussels”.

What is going on here?

Perhaps we have a general sense of unhappiness about Belgium. We remember the Belgian police; they caught Marc Dutroux, but they failed to do their duty. The consequences of their failures were so profound that it was generally accepted that they were not simply inept, and that perception, now ineradicable, is the established Irish view of the police of Belgium.

We also recall that Belgium throws up, now and again, political/business scandals.

To make sense of this we may invoke the saying – “a fish rots from the head”.

We experience the rottenness and conclude that it is systemic.

This is reasonable. Perhaps, as has happened to this writer, a Government minister claims, in conversation, that litigation is controversy and controversy implies a defensible position on both sides until resolution is arrived at in the form of a judgment from a court.

That conflates process with product. A Government of that character does not subscribe to an objective standard of truth or principle.

Worse than that, it suggests that the Government feels confident of its control of the “process”.

That’s enough. When enough people make that judgment every word uttered in defence of that Government is further evidence of the depth of a crisis, a legitimation crisis.

1 39 40 41 42 43 44 45 46 47 48 49 95