It may be easier to say what a developed country is rather than what a developing country is.
The former UN secretary general Kofi Annan once described a developed country as one which allows all citizens to enjoy a free and healthy life in a safe environment. The attractions of his definition are self-evident. He focuses on citizens, life and safety. No mention of business nor of commerce. Nevertheless, when thinking about what a developing country is, concepts involving business come to the fore.
At a recent conference in the Saïd Business School at the University of Oxford, academics speaking about the characteristics of developing countries highlighted matters such as a lack of physical infrastructure – road, rail and (dare I say it) broadband. They also highlighted problems associated with the lack of an educated workforce and fragile legal institutions.
In the developed world, we are arguably in a new phase of developing legal institutions. Among the most notable developments for the business community is the General Data Protection Regulation (GDPR).
GDPR is not an Irish institution. Our GDPR laws flow from EU regulations, and EU regulations have the key characteristic of being applied identically across EU member countries. Because the EU regulations provide for 'one-stop shops' where multinational entities can opt to deal with one regulator in one country for all EU wide matters, Ireland has in recent times become a veritable hub for European data protection.
As GDPR passes its first birthday wrinkles are appearing in its practical operation. GDPR can, unwittingly, prejudice the operation of other necessary forms of policing and regulation. Sometimes these wrinkles appear where the private sector acts as an agent for public sector governance.
Ireland, for example, operates a robust regime for the liquidation of companies, whether voluntarily or by compulsion. The liquidator, who typically is operating in the private sector, is obliged by Irish Company Law to examine the conduct of the directors of the company leading up to its liquidation, and to report to the Office of the Director of Corporate Enforcement any concerns over the conduct of any particular director. This can lead to sanctions on the director.
By and large, government agencies are exempt from GDPR obligations, so can carry out investigative work without being too worried about their processes becoming challenged by the target of any complaint. A tax audit conducted by Revenue is a good example.
But, in a liquidation situation a disgruntled former director can attempt to obtain the private sector liquidator's findings and workings via a data access request under GDPR, and perhaps thwart the work involved in winding up the company.
In an ideal world, this shouldn't matter, but the world is not ideal. Liquidators find themselves obliged not just to carry out their work as liquidators, but also to have the resources to manage and - if necessary - defend data access requests and their consequences.
This matters because we rely on having a robust environment in which companies can establish and operate, and indeed be wound down. It’s fundamental to the Irish business offering.
Developed countries must always keep a balance between legislation and practice. Where there is a mismatch, we call it red tape. Good initiatives and solid legislation, such as GDPR, should not be permitted to create unnecessary red tape.