Nice people, but not IP folk ... |
Secure -- but is it a sitting target ...? |
Security and choice: two major priorities in the EU |
In the EU, having to deal with 28 separate national regulatory authorities is inconvenient, particularly where they employ different standards, and this militates against setting up a single pan-European e-payment system: the EU only needs one regulatory authority. Also, while data protection authorities are inconsistent, some have now begun employing people with technical expertise as well as legal knowledge -- a real improvement when engaging them in dialogue as to the security of a specific software system.
Data protection, security and other legal priorities can be used by larger businesses as a pretext for keeping small start-ups out of the market, or at least of delaying their entry into it -- but that does not mean that these priorities can be ignored. Allegations of failure to maintain proper standards must be examined to see if they are evidence-based or simply a shot at foreclosing the market. It's also important to prevent a situation arising in which the sector is governed by a multiplicity of rules but where the big businesses already playing in that sector are not complying with them. Regulation should also be aimed at real issues and not at theoretical problems, so that the regulatory structure does not overburden the sector. In any event, regulatory standards for internet-based payment systems should be global, given the reach of the internet, not parochial.
In the ensuing discussion session, attention was drawn to the dearth of authoritative case law in this area, to the intermediary platforms offered by Alibaba for such transactions, to the burden of compliance with data protection requirements and whether it represents a disproportionate burden on SMEs (answer "yes, especially since some data protection laws appear to be drafted on the basis that data is recorded physically on paper"). It was also suggested that it was unfair to to regulator-bashing, since regulators were sometimes blamed by SMEs for their failure to comply with regulatory standards.
The conclusions? Data protection regulation is a hindrance and an expensive one -- but a necessary one, particularly now that it has become apparent that some regulated businesses invest time and money in seeking to circumnavigate it. Also, it can be more difficult to sign up for an online magazine than to buy a car on the internet: are we getting our priorities right, and the balance between them?
One wonders whether retail banks should be offering 'payment' service to their corporate customers as standard. Presumably they have the expertise to set up secure online money transfer services, and they would be trusted by SMEs. We now expect banks to provide online services. Perhaps they should be pushed to provide payment services also. That would certainly attract customers to them.
ReplyDelete