Irish companies are at risk of large-scale data breaches that could leave them open to significant liabilities, a legal expert has warned.
Following a number of high-profile breaches in recent times, barrister Michael Vallely, who specialises in IT law, says companies here face similar risks.
A landmark decision in the court of appeal in England last week involving Google found that claimants can sue for distress as opposed to having to prove financial loss as was previously the case.
This “game-changer” of a decision could have knock-on effects for decisions taken in the Irish courts,” Mr Vallely said.
“It’s only a matter of time before we have a large data breach because it’s going to happen and the question is… who’s going to pay for it? And that Google case [Vidal Hall v Google] could have opened the floodgates.”
The case was taken by a number of English claimants who alleged that Google had misused their data by secretly tapping into and collecting information about their online habits on Apple’s Safari web browser.
The court decided that damages could be claimed including for distress caused.
Recent data breaches in the US, which affected retailer Target and health-insurance provider Anthem, have further highlighted the issue. If such large-scale businesses are at risk in other jurisdictions, Mr Vallely said he can’t see why Irish companies wouldn’t be.
The issue of relevant jurisdiction in data protection cases can also be somewhat unclear with potential for Irish people to have to fight legal battles in US courts should disputes arise.
“Can a large multinational decide, ‘OK a consumer based in Ireland, we’ve got a contract within Ireland we’ve providing a service to you’, and if a dispute [arose] can they force you to run up to the States to arbitrate or to fight the case?”
Mr Vallely claimed that multinationals seem to be “totally ignoring our consumer rights legislation”.
“There is something called the unfair terms regulations within our jurisdiction and basically any term that’s unfair and unreasonable… it’s unenforceable against a consumer yet most of the big companies still seem… to insist that Ireland should be regulated in the States which is not a runner,” he added.
Mr Valley is among those speaking at the it@Cork European Tech Summit in conjunction with the Irish Examiner at Cork City Hall today.
© Irish Examiner Ltd. All rights reserved