Mr. Richard Browne:

I think I will have answers for four of the five questions asked. In the first instance, the interdepartmental group is chaired by the Department of the Taoiseach rather than by any Minister, so it is run out of the centre.

On the enforcement point, I raised some questions about enforcement as well. The difference here between a criminal law Act and the civil law in a regulatory function is that in a regulatory environment there must be powers to compel entities to do things. We could take the Data Protection Act 2018 as an example. Telecoms legislation providing for the powers of the Commission for Communications Regulation, Comreg, or the forthcoming legislation around cybersecurity all have a system of information notices and compliance notices. They allow people to provide information to allow an entity to assess compliance with a regulatory system. There is a system of compliance notices to allow somebody to compel an entity to do something or take a particular type of action. Then there are penalties assigned to different types of offences under the legislation. It is different in criminal law, where obviously a very different approach is taken.

There is more to the enforcement question as well. If a system has thousands or millions of people commenting online, then obviously policing it in a finite, infinitesimally granular way is going to be extremely complex. However, if we choose to not police it, given the sheer volume it is very easy to have a situation where it just becomes ignored. If there are a small number of transactions and it is policed collectively in the way the Deputy suggests, then it is possible to have some kind of communal assessment of justice. If there is no policing entity, then there can be a surge in a matter of a few days or weeks. We have seen it online in a number of other cases where there are clear breaches of rules. Without enforcement by a policing authority, a better regulatory body or a compliance body, it will be very difficult for the legislation to actually have any effect. That is the second question.

The third question is around territoriality. The UK and other jurisdictions have readily agreed and said that one can only do so much. A state can only operate within its own territory. There is a bigger question here that has to be appreciated by the committee before we can really get into this question in any great detail. It goes back to a question Deputy Stanley raised as well. Conceptually, the Internet is governed by a mix of European law and national law in various aspects. European law applies around a very wide variety of issues including data protection, cybersecurity, child protection etc. The Internet is also governed by a system of what we call multi-stakeholder governance at a global level. The committee has heard about components of this in the past. The question of territoriality and extra-territoriality is different when it comes to the Internet. There are real limitations on what individual states can do, hence this notice and take down-type procedure that is essentially applied at a global level. In the US, there is the Digital Millennium Copyright Act and in the EU we have an equivalent piece of legislation called the e-commerce directive. They both apply similar notice and take down mere conduit style models. They exist. Whether we do things now in the same way as we did them 20 years ago is a different matter, but they exist and they are there for a reason. Unravelling and undoing that really substantial edifice of case law, practice and tools would take a very considerable amount of time. However, it is what it is. What the Oireachtas should do is one question. What the Oireachtas can do is a different question.

It is safe to say that across Europe, and indeed globally Australia and New Zealand have had similar issues, there has been a series in the past 20 years of regulatory interventions and attempted regulatory interventions in Internet-type matters on everything from electoral law right through to child protection through to intellectual property. It is a very broad spectrum. In the end it comes back to the fact that one can do in certain areas, clear national interventions and then in other cases one has to rely on one supranational e-commerce directive-type interventions. There are some things that are very difficult to do. The touchstone from the perspective of the Department of Communications, Climate Action and Environment that we always go back to is that this works best when it is sectorally based. Making law for the Internet, just for Internet-related issues is very difficult. If one regulates a sector and encapsulate the Internet-related component of that in it, it is much more likely to work. Medicines is a case in point. Data protection is a case in point. We do not have the GDPR for the Internet and a GDPR for something else, we have a GDPR. We have a Data Protection Act that covers Internet and offline and that is the way that regulatory models tend to work in this case.

The last question the Deputy raised was with regard to the definition from the Broadcasting Act 2009 on political end, it is worth noting that the law on electoral matters, as I am sure everybody will be aware in terms of broadcast, is prohibition. One cannot advertise for matters on broadcast media in Ireland outside of party political broadcasts. The application of a definition when it is binary is obviously slightly different.