Brits out?


Britons did the unexpected yesterday and voted to leave the EU. As an American outsider, I wasn’t emotionally invested the way the British are, but I favored the Remain side. That said, Leave won and it’s time to assess the damage.

First, let’s say this: It’s not that bad. Many establishment types have tried to paint the EU as the author of the post-World War II peace in Europe. That’s malarkey. There are plenty of reasons Europe has remained at peace (mostly) since 1945. The main one was NATO, which kept the Soviets from sweeping up the other half of Europe and military and cultural exhaustion kept the West from driving them out. After the Soviets got the bomb, mutually assured destruction guaranteed European peace. It still does. That was true when Britain joined the EU in the 1970s. None of that changes now.

But what should happen next? David Cameron has already resigned, and Labor is looking to eject their parliamentary leader as well. The Scots are agitating for another referendum, despite the spectacular failure of the last one just two years ago. I think that’s a mistake now as I did then, but the prospect of a free Kingdom of Scotland under the heir of the Stuarts is tempting to anyone who loves Scottish history and culture. (They’re more likely to have a dysfunctional socialist republic made of 70s nostalgia and rapidly diminishing North Sea oil.)

The real question, for me, is what happens to Northern Ireland. Britain’s last major colony received more funds from the EU than any other part of the UK and voted 55-44 to remain in the EU. Northern Ireland’s six counties are poorer than the twenty-six counties of the Irish Republic, and that disparity will increase now. Reunion with the Republic has always been opposed by the slight majority of Irish Protestants who fear being subsumed in a Catholic nation (or so we assume, Britain has never allowed a referendum there). Losing out on the benefits of the EU may shift enough voters to effect an “Ulstrexit” from Britain, and realize the dream of centuries of Irish patriots.

Or maybe that’s just wishful thinking by an Irish-American. Even if I’m wrong on that point, I think we can all agree that the immediate future of Britain and Ireland just got a lot more interesting.

Unsafe Harbor


I did not think my first post here would be on trans-Atlantic data privacy, but this morning I read that the European Court of Justice struck down the so-called “Safe Harbor” provisions that governed data privacy rights of the European customers of American companies. As the TechCrunch article explains:

The Safe Harbor executive decision dates back to 2000, and allows U.S. companies to self certify to provide “adequate protection” for the data of European users to comply with the European data protection directive, and with fundamental European rights such as the right to privacy (under Article 8 of the European Convention for the Protection of Human Rights).

In a strange coincidence, my first published work was on this exact topic, back in 2004. The problem, in a nutshell, is that the U.S. and E.U. have different standards for what businesses can do with the personal information you provide them. In Europe, data privacy is governed by a directive issued in 1998 that harmonized privacy rules among the E.U. member-nations and forbade transfer of consumers’ data outside the E.U. into any country that had inadequate privacy protections. In the E.U., a consumer must explicitly grant a company permission to share his data. In the U.S., companies may share consumers’ data unless the consumer explicitly opts-out. (You’ve probably received a notice like this one from your credit card companies: that’s because of this issue.)

This difference in the laws, among other things, caused the problem of E.U. regulators saying that the U.S. did not have adequate data privacy protection. By agreeing to let American companies self-certify that they were in compliance with the U.S laws, they were essentially considered in in compliance with the E.U. directive, and cross-border trade was allowed to continue. A lawsuit against Facebook by an E.U. citizen opened a crack in this protection when Europe’s highest court ruled that the Safe Harbor could not prevent suits against companies that fall short of E.U. privacy rules.

Back in 2004, I argued that the U.S. should adopt data privacy rules closer to those of Europe. We didn’t, and the Safe Harbor has worked as a temporary solution ever since. That solution has seemingly crumbled, and regulators must either come up with another E.U.-wide solution that will pass judgment with the ECJ, or else leave U.S. companies to deal with the varying privacy laws of the 28 E.U. member-states, an expensive and time-consuming proposition.