 digital ecosystem that protects the rights of the users. Our speakers will address three questions in the name and looking at these questions from their particular perspectives. The first one, the benefits and responsibility of Europe and Ireland's role in the global digital ecosystem. How cooperation between regulators across economic and social sectors can establish a cohesive, efficient and robust regulatory regime. And finally, how regulators are approaching emerging technologies to enable early adoption while maintaining regulatory protection. So our keynote speaker today is Anthony Whelan who has a distinguished record in Europe. Anthony, as I say, currently works as the policy advisor to the president of the European Commission. You're very welcome, Anthony. The last time I think we met was back here in January, early January 2020, so you're very welcome again and thank you for being with us today. Anthony will provide a perspective from the European Commission on digital regulation and the implications for member states like Ireland. Over to you, Anthony. Thanks a lot, Joyce, and thanks very much to the IIEA and to the Economic Regulators Network for giving me the opportunity to participate. I'm sorry I can't be there with you. I had rather hoped that on a Friday afternoon I might make it back, but other things prevailed. But I'm very happy in any event to be joining you from a distance. And of course, there is a view out there that the Commission is no slouch in terms of generating regulation. We certainly generate quite a bit of legislation. And I draw that distinction because there's an important difference, I think, between the role of a policy development and legislative proposer and negotiator, which is one of the central roles of the Commission and the role of a regulator as the enforcer of rules, sometimes the interpreter of rules which may leave a certain amount of regulatory discretion, which is only very occasionally the role of the Commission. And we, of course, among other things, have to think about how regulators in that sense will be able to use in practical circumstances of information asymmetry of resource constraints and plenty of other real world circumstances, the products that come out of the Brussels legislative machinery. So that, in a way, is my point number one. We have to think about how these things are enforced typically by others on the ground. And that, of course, means a very good interchange on draft proposals or even before the proposal stage with not just national ministries, but also certain devolved or purely independent regulators that already exist and are likely the enforcers of those measures is very important in order to produce practical products for the regulatory marketplace, let's say. There are quite a few other questions that we have to put to ourselves, which I think we do put to ourselves, but of course we won't always get the answer right when we are preparing legislative proposals to regulate a certain market. Probably the first one is when to act. And this is particularly important in the digital sphere. Do you anticipate or do you react or some mix of the two? Let me give two examples, although nothing can be, I think, be completely sort of boxed off and categorized in a two binary way. I would regard as one of our most anticipatory pieces of proposed legislation, the Artificial Intelligence Act. Here is a technology that is still far from being widely used. We anticipate massive take-up, of course, in the coming years. We're seeing it already. And where one of the considerations that we brought to the decision to make a proposal was that we should act early to prevent fragmentation. This is something that perhaps is a driver at the Brussels level that wouldn't be equally so at the national level, that if we don't act, it doesn't mean that nothing happens. It just may mean that different things happen and that will impose its own costs. And generally, the complexity of unraveling a fragmented landscape of national regulation can be greater than if you get in early and therefore, as it were, harmonize in a way that people are satisfied with and you go ahead. That doesn't apply, of course, in every context. There may be areas where national fragmentation is unlikely and therefore that consideration isn't so present. Another thing to bear in mind in AI, and it will probably be true in a number of digital fields, is that anticipation did not mean that we were acting in an empty landscape. What we're doing principally in the AI Act proposal is to create a framework to ensure that a whole range of existing rules and rights of individuals in employment, in consumer protection, in safety, in fundamental rights can be adequately applied and respected in the very opaque and complex context in which AI is used. So this was not so much a tabular hazard as a case of trying to bring existing protections in line with the technological development that we see happening around us. But of course, the more you act in anticipation, because there's still quite some measure of anticipation there, the more you must keep an eye on the innovation effect and on designing rules which are, let us say, open to different forms of application that comply with the objective but which nonetheless allow a wide space for technological development and innovation, which we hope we have got right. Views welcome. I put on the other category the Digital Markets Act. Here is a relatively precise set of obligations for a very limited, we believe, subset of actors, these so-called digital gatekeepers, which is largely the product of experience in the area of competition. Not all of the obligations are linked to a specific fully decided competition case, but they all relate to things we have observed in the marketplace. Now, that can bring, and some have criticized in the legislative process, an excessive rigidity. But it seemed to us that creating new, very specific obligations for companies on their commercial behavior required a level of confidence about the behaviors involved that we should be quite precise, be building very much on experience, while, of course, building in mechanisms to adapt as the market changes and so on. Second point I would make, and I am beginning to feel the limits of my 15-minute commitment, so I'll try to hurry up, one needs to be clear about one's objectives. Now, in the commission we have, for all but the most urgent projects, a process of so-called impact assessment that really forces us to think this through. We have an independent scrutiny board which regularly gives negative opinions if they think that the underlying thinking isn't clearly worked out. And what it basically requires us to do is to clearly state our objectives, clearly identify those who will be affected for good or ill, and the relative impacts in whatever way you can weigh them, and to then reach conclusions on solutions that adequately balance the different interests of consumers, of SMEs, of bigger industry, the environment, it will depend, obviously, on the subject. That is a very rigorous and ultimately useful, even if sometimes slightly resented, constraint on the way that we design our proposals. I think the third thing we need to think about when approaching creating balance regulation is the type of rules we create. I think we have been relatively successful in the past. Garrett can probably comment to this from the telecom space. When we create broad frameworks for markets to function better, so where we lay down objectives in terms of competitiveness, investment, innovation, consumer interest, and we lay down perhaps a certain number of ground rules and leave quite a bit to the competitive process but under sometimes quite close regulatory supervision where the existing market structure is to concentrate or a poor one in order to help markets function better. That may work for a long time and then suddenly not seem to work, which is why, for example, the 20-year success of our energy market framework is now leading to very fundamental questions about market design because when suddenly gas is in the stratosphere and you have far more renewables than you were planning or at least as you were dealing with 20 years ago, the way that that creates incentives and delivers outcomes for consumers may differ from the optimal. But there are other types of regulation I could briefly mention where we also have, I think, a decent track record. One of them being product regulation. We have, I think, built up the so-called Brussels effect in part through the marriage of basic safety standards for products in our single market with standardisation in order to let industry design solutions that can be broadly shared and that are deemed officially compliant with the legislation. And that's an approach we see also moving increasingly into the security space in our probably latest production, the Cyber Resilience Act of September. We basically propose a product regulation approach with standards for the cybersecurity of digital products, which is, I think, so necessary, given all the current threats. Two more points I will mention in this Rubik's Cube of issues. One of them is what I would call the level of prescription of the rules that we design. Do we go with a regulation or a directive, which always leaves a bit more space to member states to implement increasingly in the digital area? We are going for regulations because there is thereby a greater potential for real harmonisation of rules for actors who want to scale up quickly in our market. But that doesn't mean somehow that a regulation is much more prescriptive than a directive. We have, for example, some areas of what one might call principles-based regulation. That is, in part, the case, I think, for the GDPR. I would see if Kian shares that view and that there are some clear, hard, and fast rules. And then there are more open, textured concepts like privacy by design, how you conduct a data protection impact assessment, which involves a lot of contextual reading. That's probably similar to what we are doing in the Digital Services Act with some of the broader obligations of the very large platforms on general societal accountability of what they do beyond specific takedown of illegal material. And it's true as well in the area of net neutrality, which was very much sold as principles-based regulation. Now, one thing I'll say in passing is that principles-based regulation may be better for markets that are fast moving, where you can't anticipate everything, or where context may vary very differently, very widely. But it can also lead to surprises. We went through years of negotiation on both net neutrality and then on the BEREC guidelines on net neutrality. And where, nonetheless, I think all of us somewhat surprised by the Court of Justice's interpretation of it on one key point, I think, in the course of last year. So that is where a danger that comes with the method. The final thing I'll mention, and this is really then handing over to the regulators, is the enforcement approach. In the internal market, because the commission is small and collectively the member states work forces are big and where national autonomy is cherished, we have typically functioned with rules being set at the union level, but being enforced at the national level. And one often has the discussion in the internal market, do we use the country of origin regulator or the country of destination, which can mean, if you're active in many countries, that you are subject to up to 27 different regulators, the commission has typically favored the country of origin in digital areas, but has occasionally volunteered to enforce itself. The Digital Markets Act was one such example. As it happened, for reasons that may not be fully shared or appreciated in this audience, it was ultimately judged essentially by the member states that country of origin would not work for aspects of the Digital Services Act. Now, at that point, I think while we didn't agree with that at the outset, the one thing we were sure of was that we did not want the country of destination as the alternative. And so in a world of limited options, the outcome was that the commission was the lucky winner of that particular tumbler and has become the enforcer of parts of the DSA, which allows me to close on a cooperative line. The commission is only enforcer of part of it. So come what may, we will be working very, very closely with national regulators, and I would think among them certainly those in Ireland who will be given that competence on all the rich questions that the DSA and indeed the DMA will throw up. With that, I think I've overstayed my welcome and I'll shut up. Thanks very much. Thank you very much, Antony. You certainly happened to overstay your welcome. You've given us a very clear understanding of actually how the commission approaches areas. And I like, I think it was very useful to remind us about the difference between policy development and the whole area, if you like, of implementation. And I take the examples that you've given us a very clear understanding. I think of the collaborative nature of how the commission works with member states, but also the fact that particularly with emerging technologies, it is about anticipation and it is about looking and understanding what the market wants, but also what consumer rights are as well. So it's a very complex area. You made a sound, I have to say, relatively simple, which we know it isn't. So thank you very much for that. We now move on to our next speaker who has a distinguished record herself in the European Commission, Ursula Patchard, who's the Deputy Director of the European Consumer Association, BUC. Ursula, you're very welcome and we're really pleased to have you with us today. Ursula Presentation will provide a consumer protection and consumer rights perspective on digital policy and digital regulation. Ursula, over to you now. We look forward to your presentation. Yes, thank you very much, Joyce, and good afternoon, everybody. On behalf of the European Consumer Organization, BUC, I'm very happy to be with you, not physically on the online, but I hope we will still have a good exchange and thank you very much again for this invitation. I would like maybe to start a bit more practical from the ground and try to give you an idea of what we experienced from the members that we have which are national consumer organizations in all European countries, of what they know and what we know also from research about what is the reality that consumers face currently in the digital economy. And modern day consumers, I have to say faces challenges which were unheard of before this digital transformation. This has brought many benefits to consumers, but it has also a dark side, which is taking its toll on the well functioning of our markets and on the wellbeing of consumers. And also increasingly, I would like to underline also on our democracies and societies. On a daily basis, consumers are subjected to commercial surveillance and personalized persuasion business practices. Their experience with digital services is tailored to maximize their engagement by algorithms that have access to their entire digital footprint from family photos to search history. The time spent online is being artificially inflated, particularly teenagers and young adults suffer from addictive behavior and are too much and too long exposed to harmful content. Products and services that are offered are often personalized nowadays and consumers have to pay maybe not the same price as their neighbors do. Depending on their online behavior and consumers are misled by dark patterns that then finally lead them to agree on things that they would probably not want to agree with or to make decisions that they would normally not want to make. The resulting problems and harms for consumers but also for our society are multifaceted. Being part of the data ecosystem means that consumers do not have much chance of retaining their privacy and their autonomy nowadays. And consumers have indeed come to depend on three so-called free digital services. Though they may even realize that these are not actually free, they still end up using them for lack of choice and lack of information about the actual risks. But again, it's not only individual consumers who are exposed to this risk, it's well known that our societies are faced with declining trust and a long-term effect of exposure to polarizing stimulation by algorithms that feed on attention and engagement. These are the challenges that we are facing. And the European Commission in its communication on the 2030 digital compass stated that it is the ambition of the commission is to pursue digital policies that empower people and businesses to seize a human-centered, sustainable and more prosperous digital future. Of course, we fully endorse that but the question is where do we stand? I would say we stand still far away from meeting this objective and how can this be achieved? So the event today is a really great opportunity to discuss the challenges. Let me also be a bit provocative and ask about the title of this event which is looking at a balanced approach to regulation. My perspective would rather be to say how can we achieve an effective regulation? How can regulation be effective to meet its legislative objectives? Our answer to the current model of European consumer protection policy and I understand this in a very broad sense because consumer protection is a diffuse policy and affects all, I mean, a big variety of different policies that the current model is not really adequate anymore. It still relies on information disclosure and on the unrealistic concept of the circumspect and very informed individual consumers which is an outdated assumption as many of you probably can attest to have been forced to click on I accept on a pop-up window without reading it or without being able to take a different approach. And we often hear that illegal offline should be also illegal online and there should be equal protection offline and online, but I think we have to finally go beyond that because it becomes clearer and clearer that we cannot have the same protection online and offline. People need more protection online because there are so many different ways now and for business to influence consumers and to have an impact on their privacy, on their autonomy, on their fundamental rights. So we need to go beyond that. We need a more comprehensive new approach for empowering and protecting people. Now, the European Commission and we have heard Anthony has launched a series of new legislations in the digital sphere which I have to say we really very much welcome. We welcome the Digital Services Act the Digital Market Act, the AI Act and the Digital, sorry, and the Data Act just to name the most pertinent pieces for a consumer point of view. These laws are very necessary but still their first objective is not to protect consumers. Most of the time these are market regulations and they do therefore also not very well protect consumers in our opinion. We are very glad that the Commission now recently announced that they will do a fitness check so an evaluation whether consumer law is fit for purpose. This is very much welcome because we see that there is a big, I call it a regulatory gap between the digital legislations and how they protect consumers or how they not protect consumers and the existing consumer law, ACI which is very often principle based and therefore not sufficiently applied and also not sufficiently enforced because maybe it is just also not very clear what it de facto means. And this brings me to the next and last point because we have to look at the reality of consumers though we have a vast area of legislation already when you look at what happens on the ground we see that enforcement is really lacking behind 50K now in this digital economy. And enforcement in my opinion should be the top priority for regulators or legislators for the next decade. From a consumer perspective Europe, of course and we heard the reasons Anthony even mentioned them has always treated enforcement like a marginal topic a step-dive of European Union policies and it was left for the reasons that Anthony very well explained to the member state but the challenges are huge with the cross-border nature of the digital market we have to look at enforcement differently not from a territorial member state approach. There is I underline a systemic I would call it non-compliance of the big tech company with the existing legislations and we have the speed of the changing business models. And the European Commission rightly has changed its course recently Anthony mentioned it already with the Digital Services Act we have a big part of that piece of legislation dedicated to governance and structure of enforcement. We have the European Commission partially responsible for enforcement against the very large online platforms and we have the DMA. But there are also other problems of the data platform economy like that infringements are often multi-faceted interdisciplinarity of enforcement is absolutely necessary because business practices they do not stick to the silos of certain laws or to the silos of enforcers or the respective enforcement network. These practices that we see they often fringe multiple laws at the same time but the reactions that we see are not sufficient in that regard and to address this interdisciplinarity. And then with the country of origin principle authorities become interdependent if one authority does not act all European citizens all European consumers will suffer and that is a dimension which I think needs to be very thoroughly discussed. And the final point on enforcement that I would like to underline is that we will see a big challenge we see it already now about the funding of enforcement. I think we as democracy as societies we need to decide what is it worth to invest in enforcement structures? Do we want to be credible? Do we want to, and to me mentioned the Brussels effect is that still credible if on the other hand these new laws, DMA, DSA, the GDPR et cetera that cannot be properly enforced. So I think this is very important. My last point is about the solution. So what do we see as solutions? I mean, there would be many things to say I focus on two or three. We need strong European solutions effective enforcement. I think we cannot avoid the discussion about more centralized enforcement that we need if there is European law enforcement and I think about big companies. It's really necessary to learn from the GDPR experience which in the big cross border cases and I would say due to the country of origin principle has not delivered. We do not see the necessary protection. We do not see the fundamental rights to privacy and data protection and respect by the big tech companies today. And we need to discuss ways in charge. Is it the European Commission? Do we need more nuanced solutions with a split of competencies between member states and the European level? Competition law could be a source of inspiration as you may know that the commission has exclusive competencies but without precluding the member states in case commission does not act. We have seen that recently in the Facebook page taken up by Germany and my very last point if I have still one minute trace I would like to give you an example just to illustrate what I'm talking about. Since many years our organization be it we work together with our members at the national level to take forward enforcement cases we do that in polycoordinated enforcement so cases are brought to the authorities in a coordinated manner by consumer organizations. And in 2021 we made an examination of the practices of TikTok the video sharing platform with this base in Ireland and it's a hot headquarters in Ireland. We found a variety of infringements starting from consumer law under contract terms problematic virtual items policy hidden advertising, et cetera. We found infringements of the GDPR we found infringements of the audio media services directive. So a variety of infringements we address the respective networks of enforcers. And I mean, I would like to go into detail but just to say on the side of the protection of children in particular because they are the main users of that platform we found that it really is failing to use the respective due diligence to protect children from inappropriate content such as video sharing, suggested content, et cetera. So now nearly two years later what has happened the consumer authorities DPC network reacted so we will see a few improvements not sufficient from our point of view but still there would be improvements. We're still waiting for action on the GDPR there is a pending investigation going on on the audio visual media services directive I have to say that we found out that unfortunately the respective law had not been disposed unfortunately the respective authority which is the only one in Europe in charge because of the country's origin principle had not been established yet though the timeline had been passed for the transformation and we discovered unfortunately that there was no responsible authority in Europe to take up the case and this is how Europe today protects its consumers and protects its children in the digital economy. There are other examples here having a case that is since four years pending for GDPR implement against Google four years people are waiting for a decision. So to conclude the question about the balanced approach I would like to turn it around and say how can we talk about balance and of course see that the existing regulation is not sufficiently applied and not respected and not sufficiently enforced. So we think, I think we need to talk about regulation that is fit for purpose that can be enforced so that consumers are protected but also a fair market place where particularly ICMEs can deliver services to consumers and be innovative. Thank you very much. Thank you very much Ursula and a very clear view from the consumer's side and needs and protection. I think you've made a passionate plea for looking as you say for effective regulation and looking also at the needs perhaps when online and offline that offline needs more protection and the raising of awareness and also the need for enforcement but if you're having that enforcement that there's a lot of resources given to that area and acknowledgement of it. You spent a fair amount of time talking about those solutions and we may come back to those in the questions Ursula but you talked about a more centralized enforcement and really asked a lot of questions serious questions around that area and gave us good examples so thank you very much for that and we look forward to taking up some of those points in the questions. So thank you very much Ursula. We're now coming back to Dublin and our first speaker here is Una Fitzpatrick. Welcome back to the IIEA. Una and myself were commenting over lunch that's the first time we've met in person we've met several times on Zoom and that has been a real pleasure Una. Una is as you know is Director of Technology Ireland and is a member of the Board of Digital Europe. She's worked extensively within the knowledge economy here and in Europe and Una will provide now a business perspective looking on business on digital regulation and the importance of Ireland being a regulatory hub as well as a business hub. Over to you Una, thank you very much. Thank you Joyce. Good afternoon and thank you to the IIEA for inviting me to speak at this event. Just to introduce myself again my name is Una Fitzpatrick the Director of Technology Ireland the Ibec Trade Association that represents Ireland's technology sector. Our membership is made up of the leading Irish-owned and FTI players in the Irish tech sphere. Technology Ireland recently launched its new four year strategy for the sector. Technology has changed the way we live and has kept us connected, productive and efficient over the last few years of crisis. Throughout this turbulence the sector has continued to innovate as people adapt to technology and the benefit it brings to our lives the approach to governing our sector needs to remain agile. Industry stands ready to work with lawmakers and regulators to design the rules that will shape the growth and success of Ireland and the implementation of these rules. Our members' needs are at the heart of what we do our role is to listen to our members' needs and to put them into action to ensure we are the leading voice for the industry. Since 2013 the sector in Ireland has grown at an average of 12% per annum. The digitally intensive sector now directly employs over 270,000 people here. Our new strategy maps the success factors which have led to Ireland's resilient and innovative tech sector and sets out in various pillars the areas of focus for technology Ireland as we look to the future namely people, ESG factors shaping EU and international regulation and being led by the needs of our members in everything we do. Ireland's unique position as European HQ for many international and tech companies means that we have a responsibility to lead the way in shaping good, clear evidence-based regulation and to demonstrate best practice in the implementation of those regulations. Such leadership must begin at home. Ireland's position as a tech hub at the eyes of Europe and the wider international world upon us. This means we should have our finger on the pulse of developments internationally that will matter to our businesses tomorrow. That is why we envisage Ireland as a global regulatory hub and continue to call for increased governance capacities given the concentration and diversity of technology companies established here. Ireland and the wider world stands at a crossroads with crises and multiple fronts to fortify ourselves against the headwinds, Ireland must work in tandem with global partners to influence the shape of the policy landscape we want to do business in. In the brief of this event there were a number of questions outlined the first being how Ireland can achieve a balance in digital regulation in order to promote digital innovation and technological progress while ensuring a secure digital ecosystem that protects the rights of users. Very straightforward. Ireland's national digital strategy commits to building a strong well-resourced network of regulators to oversee and enforce digital regulations. Regulation will simultaneously ensure the safety of our citizens and promote innovation and progress. Technology Ireland supports efforts to increase trust in digital tools and to address the challenge of illegal content online. We support free and fair competition and efforts to ensure businesses and citizens can reach the benefits of a digital single market. Internet regulation is a balancing act between protecting fundamental rights like freedom of expression and privacy on one side and preventing illegal and harmful activities online on the other side. Government must embrace Ireland's role in EU digital regulation, build up regulatory expertise and lead on digital policy issues at EU level. Ireland plays an increasingly important role in the European digital regulatory framework and should leverage this expertise in relevant EU and international regulatory discussions. This will require Ireland to enhance its regulatory capacity to match its role and provide for a robust and predictable regulatory environment. Ireland must ensure that the suite of regulatory bodies that are required are either established where new bodies are necessary or the required functions are assigned to existing regulators. In either case, the adequate resourcing of these bodies to fully perform all their functions is essential. Ireland should also ensure that we have a harmonised regulatory environment and not try to reinvent the wheel and unilaterally introduce regulation in the online space, especially in areas where the European Union is going to or has recently introduced regulation. The European Union sought to achieve that same balance and while some argue it was not properly achieved in certain places, the very worst thing Ireland can do to upset that balance is to introduce another layer of Ireland-only rules and requirements for companies which overlap or contradict existing or planned EU law. For example, we've had the enactment of a landmark EU legislation, the Digital Services Act, which regulates online content and sets out responsibility for digital platforms to protect users. Simultaneously, we have an Irish legislative proposal, the Online Safety Media Regulation Bill, which seeks to do many of the same things. We hope the DSA will provide opportunities to enhance workable mechanisms of collaboration among all stakeholders leading to a safer online environment. The second question was to assess how cooperation between regulators across different economic and social sectors can establish a cohesive and robust regulatory regime. As an English-speaking country with full access to the EU single market as well as close cultural and political ties to the US, Ireland is ideally placed to be an EU regulatory hub for the tech sector. Positive features of the jurisdiction include that Ireland has a strong rules of law culture with a stable and pro-business environment. The EU has markedly increased its regulation of the tech sector in recent years, and under the country of origin principle, which is hard-wired into EU law, Ireland's regulator must assume EU-wide regulatory competence over the major providers that have established the EU headquarters in the country. However, industry asked the question is digital regulation a government priority in Ireland, and we would urge the UK government to be articulated that Ireland's role as a leading technology regulatory hub in the EU is enacted. One of the industry's great concerns is that where there are areas of EU law which are bumping up or overlapping, it is the duplicate effect of several different regulators looking at exactly the same issue and pulling a company in many different directions without adding any public good being delivered. This may not be possible initially, but it is something which should be to the foremost in regulators mind. As the greater the efficiency and effectiveness on the side of the regulators, than the greater the efficiency and effectiveness on the industry side as well, this ultimately will deliver better outcomes for all, including the public. The third question posed was how to assess how regulators should approach emerging technology. The third question posed was how to assess how regulators should approach emerging technologies to enable early adoption while maintaining regulatory protections. A pragmatic approach is required in particular with nascent or emerging technology. To ensure that small companies who begin to develop what may eventually be ubiquitous technology are not subjected to a regulatory burden which is unsustainable, however that is not to say that the basic principles of the rights of the user should be abandoned. Technology Ireland members support sensible regulation. Fact-based guidance from government, academia and civil society is also needed to establish boundaries in the area of new technology including in the form of regulation. For example, AI. There can be no sensible one-size-fits-all approach to regulating AI because there is no single use case for AI. AI is a multi-purpose technology which takes many forms and fulfills many purposes spanning a wide range of risk profiles. We broadly welcome the commission's decision to take a risk-based approach in the proposed AI Act. The heterogeneous nature of AI in its applications means a one-size-fits-all approach would be problematic. It is important to clearly define further appropriate safeguards needed for sensitive case uses while continuing to encourage innovation. We also support the use of sandbox schemes with well-established criteria to ensure effective access by businesses, particularly SMEs. The fourth and final statement was the central role in the global digital landscape including both the benefits and responsibilities that this role presents. Technology Ireland strongly supports the ambition in the national digital strategy for Ireland to embrace its regulatory role, strengthen its capacity and need more credibly in Europe. A modern cohesive well-resourced regulatory framework is important for the technology sector as it can allow high-tech companies trade across borders to consolidate their European operations in Ireland. Ireland's role is to operate as the lead regulator in the EU for many of the biggest tech companies across areas including privacy, cybersecurity, law enforcement and payments and very soon will take on a key role in online content regulation with the creation of the media commission. This is the right ambition but it needs an implementation plan to realize it and time is of the essence. We believe the next 12 to 18 months are critical for Ireland, in particular in the run-up to the next European government's mandate in 2024. Effectively implementing EU legislation on time, in particular the elements of the DSA that will fall to Ireland and related files such as terror content regulation and swiftly implementing the now over two years out of date AVMS directive and adequately and rapidly resourcing regulators who will be charged with implementing those laws will send a strong signal to the rest of Europe that Ireland can be trusted as a regulatory partner on the most important issues. There are a number of voices around Europe who for their own reasons are more and more vocal about Ireland's perceived failings in the digital regulation space. Further delay or prioritization of Irish regulation over EU regulation is likely to embolden these voices and could lead to significant changes to the role of small countries in the EU regulatory framework. There are challenges to the important role that Ireland plays in the digital regulation. It must work with like-minded governments to promote principles and defend priorities such as the country of origin principle. Thank you for your time this afternoon and I look forward to discussion that will follow. Thank you very much, Una. I think you've given another impassioned presentation on Ireland leading the way and having the capacity to take this role in the digital regulation space and I think you've set out the importance of that vision but also the need for funding, harmonization and cooperation working with others and asking the question for the government is regulation a priority? What has been our track record on that area? I think that's really important question may come back to it. I think your point about emerging technologies is really well made and changing all the time. We need to be agile but we also need to ensure that not only the big tech sector but the SMEs can respond in a timely fashion and I think in the context of national digital strategy your point about we've 18 months now to implement things I think that's really a good time frame and very helpful for policy makers that Anthony has made between making policy development and implementation so thank you very much for that contribution we now come on to our next speaker Gareth our first regulator today who is all set I'm sure for this thank you very much for being with us again Gareth who is the commissioner of digital regulations regulation part of this work in this area has worked extensively in the regulatory area but also worked in business in the energy sector now Gareth will outline I think this will be very helpful after our previous contributions the role of the various organizations agencies and departments involved in digital regulation in Ireland digital regulations have been doing to respond to increasing digitalization and growing amounts of digital regulation so we look forward to your presentation Gareth thank you very much I think there's a responsibility in me to try and respond to some of the questions that have come up before so I've a couple of slides it'll just try and steer me through that the first slide coming up then is just to talk and I think you mentioned the choice in your initial talk the digital framework and the government policy regulation works best when the regulators are in harmony with government and EU policy so it makes it a lot easier for us as regulators if that's all lined up I think we see this the digital Ireland framework as a recognition from government this is a really important area for the state so I think we got a lot of you know comfort from that and I think Ursula you mentioned about the credibility of regulation and we see this as the cornerstone of that credibility the challenge is to try and implement that and turn that into practice and that brings me then to Anthony's question about well how do we actually do this and the whole framework of regulation and maybe a couple of observations I'd agree with Anthony that it's better not for regulators to try and let markets work or markets can work and be very clear about why we are intervening in the market it can't be done in an ad hoc way that has very major negative impacts for the consumers and users as much as it can do for the industries in the sector so broad economic principles are great and Anthony mentioned about the energy sector and I must say having been involved in the energy sector at the European level we have to be very careful when we throw away the rule book that ad hoc intervention can make the problem worse rather than better so it's really important that we don't lose basic economic principles as we go through our regulation so let me just move on to the next slide where we talk about what are those interventions and why should we intervene and why is intervention important in digital markets and so the first thing I suppose is who is it we're trying to protect and I don't really like this term users but we sort of struggle we talk about consumers we talk about customers we talk about citizens I think the factor in digital markets and this is not just as individuals but also business and I think Ursula you had mentioned the importance of SMEs and I very much echo that but the point here and again Ursula I think you mentioned this is that one you know the user is engaging in products and services but they're also part of the product and service the data that they create the data that it's a two way process and I think we need to be particularly careful on that I'm sure Keen you know what we'll talk a bit more about that sort of you know the role of control of personal data as part of that process so we've tried to sort of come up with this it's always nice to have some simple terms to measure these things so we have five C's of digital harm it's probably not unique but it's a it's a core part of it anyway most of them will be obvious for you in terms of personal data consumer rights content which is a really important part of the DSA particularly competition is continuing to be in a growing area continue I'll explain a bit that digital services might have started as nice to have you know sort of additional things in your life but they're not actually become central parts of our lives you know my daughter lost her phone yesterday she's going by that I don't have to Google Maps I don't know how to get anyone you know so continuity is about ensuring that these digital services are reliable that they can actually you know as we start to build our lives on these digital services this is not just reliable from the content providers but actually down to the broadband itself you know the various channels there's been a lot of work on broadband and ensuring even the most pandemic there are many people listening to this now and they're relying on their broadband as part of that process so that it's just another area where we need to ensure that online harm is protected and we get that right balance as part of that process we don't sort of you know sort of impact negatively on some of the great innovation that we're now relying on so heavily so the next slide is to talk about what are we doing here in Ireland what are we trying to address some of these issues I think that these all these harms are cross cutting so it's very difficult to isolate them and talk about them as individual pieces they interact with each other and that means that we as regulatory organisations also need to interact and collaborate with each other and with this we set up a group called the digital regulators group this is the sort of core members and so we've got the CCPC with King he'll we'll talk about the data protection commission sorry King I nearly changed your organisation there the CCPC have got both the competition piece and they'll be involved in the digital markets act and obviously the consumer piece is central to them and I think there's been a number of discussions about commission demand and it's important as it gets established BAI have been very helpful and engaged closely with us as part of that transition and then ourselves and the telecom side but it's not unique there are other areas financial regulation there's lots and lots of digital impact on the financial regulatory side and there's issues like gambling you know what was becoming more and more online so we need to have very much share the experiences and knowledge here and the fact that this is done under the auspices of the ERN so we will feed back and we've got the chair of the ERN Robert here with us we feed back through the ERN the energy regulators and transport regulators so it's a collaborative sort of process right the way through the regulatory landscape but this is the core of these four members now we've set up and had regular meetings we've talked about our work plan we have a bit more formality about how we engage with each other and one of the things that I think has been a great addition is a formal engagement then with the senior officials we have some of the senior officials we see that as really important so that that collaboration is not just about regulation but it's also ensuring that the system-wide policy level and legislative level is working in closely with regulators and we're trying to help that process as much as we can so that's probably enough on that and maybe just talk then about we don't work at a national level in isolation so the next slide then we'll talk about the various groups that we contribute to at a European level and again reference back to Anthony when he talked and it was very nice to hear from the commission that the commission don't just talk to member states as they create legislation and we really value the fact that they actually come back to us as regulators at a European level and seek our input because in the end of the day we're the ones who have to implement this we're the ones who have to enforce it so it's really good at a European level that we're able to do that process but there's a responsibility on us as well then is to make sure through our respective organizations that it's informed legislation implementation and obviously the commission are a key part of that process as well the next slide talks about and Anthony mentioned specifically the data act and the AI act there's a whole raft of new acts coming and they do interact and I think it goes back to a point that did you mentioned earlier is how do we make sure that these aren't each in isolation and ends up with a raft of what might be perceived as a bureaucratic processes so that we can try and share and collaborate as regulators but we do need to make sure it's enforceable and we need to make sure that we will be tested possibly in court we need to make sure that our enforcement is robust I think it's interesting that it's important also that we reflect in the Irish system was probably not fully unique but it is different to many places in Europe that we have a common law system that has a certain level of due process and protection built into it but there needs to be a recognition that that has its own timelines and own mechanisms and it has to respect us and constitutional issues that have to be respected there so that just gives a flavor of some of the areas coming up I think generally as regulators we like to come with this not looking in the rear view mirror about all the problems of the past but try and anticipate in a forward looking way about what's coming forward in this and not to look at and anticipate harms of the future the best problem for us is the problem that we never had because we solved it before it happened that's what we like it's a big aspiration but that's what we want to try and deliver and I think I'll finish up very much Garth I think very positive note to end on to look at the future and learn from the past but I think you've also reminded us very clearly that we operate in the market and that's really important to look at that and the user engagement I think you know the definition of the user it is like the definition in many ways of the citizen isn't it you know what is the user who is the user because as you very clearly showed we're both product and a user as well and that raises a lot features that have been talked about today I like to foresees I have to say or five should I say control the consumer content competition and continuity I think that kind of gives a clear perspective and view on it but I also that issue and I suppose a number of people have raised it now that the importance of the interaction with regulators and I think it's a great initiative that you've taken with the ERN and great to see Robert here as chair bringing all the regulators together learning from one another sharing knowledge and that cannot be underestimated I think that's really important because the raft of new acts when you see that they've only come the last two years I think you know Anthony and all his colleagues over in Brussels have been working very hard over the last few years so I think your note about looking to the future is really important because we've learned a lot there's been an intensification and I think also our citizens users are much more aware now of the issues and are looking for leadership and I suppose the final note I think you made was that importance of linking in with policymakers and legislators that regulators are not isolated so thank you for that and King were you're the last and probably you've been mentioned most in the other speeches so I think it's good that you are the last speaker and you're very welcome keen as you know is the deputy commission of the data protection commission he's a barrister by profession and has worked for a number of years in this area and King will outline the work of the data protection commission in Ireland and examine the European framework which I think a lot of people have kind of alluded to today in which you and the commission operates and how this influences the your work so over to you keen and thank you very much you Joyce and thank you indeed to the IIA and ERN for organizing this event I think you all agree it's a very pertinent and interesting topic in light of that forthcoming wave of digital regulation that has already been mentioned and I think in discussing a balanced approach to digital regulation in Ireland we can definitely take a lot of very useful lessons from the first four and a half years GDP or enforcement and those lessons are what I propose to focus on for the next 10 minutes or so and while the context is of course data protection I think that many of the lessons will resonate with other regulators and so in particular I'd like to reference four different matters today firstly that one stop shop mechanism that Joyce mentioned and that's provided for under the GDP or secondly the challenges interpreting novel concepts under the GDP or thirdly handling complaints from data subjects under the GDP or and finally how the DPC interacts with other sectoral regulators and so starting with that one stop shop mechanism and this is a complex mechanism that seeks to provide cooperation and consistency in GDP or enforcement between the different member states in practice it requires all supervisor authorities to submit draft decisions on cross border investigations to the mechanism in an effort to find consensus so any of the 48 supervisor authorities around Europe can object to a draft decision and where it's not possible to reach consensus there is a dispute resolution mechanism led by the European data protection board as many of the large technology companies have their European headquarters in Ireland and it falls on the DPC in Ireland to bring draft decisions regarding those platforms to this co-decision making process so the DPC currently has seven draft decisions on large scale cross border inquiries currently in the co-decision making process these decisions include matters such as Facebook's transfer of personal data to the United States and TikTok's processing of children's data, Instagram's lawful basis for its processing personal data generally Yahoo's compliance with its transparency obligations as well as a number of other inquiries and as well as that there are a large number of inquiries that are very far advanced and that are close to making their way into that co-decision making process so the seven decisions that are currently in that co-decision making process concern a variety of different types of issues under the GDPR and some of them include proposed fines totaling hundreds of millions of euro so in terms of how the process has worked so far under the first four and a half years of GDPR enforcement firstly it's important to note that the DPC like all other supervisor authorities endeavors to reach a consensus position with the other 48 supervisor authorities what we know so far is that the process is very much resource intensive recently the European data protection board and the European data protection supervisor both wrote to a letter to the European commission and to the European parliament seeking greater budget so that the secretariat supporting the European data protection board can keep pace with the number of DPC large scale cases currently entering that co-decision making process it's also equally resource intensive for the various supervisor authorities involved including the DPC it's also very challenging to reach consensus in many cases and this is something I'll touch upon a little bit later but for those who are interested the DPC's annual report for 2021 details the authorities that have objected on cases up until the end of 2021 in terms of the lessons that we can take so far from the process the first lesson really is that any uncertainty in the law is problematic for this cooperation and consistency mechanism while the number of references to the court of justice of the European Union on data protection matters have increased dramatically in recent time most of the case law is still at member state level and most decisions by authorities under the GDPR do not root through this consistency mechanism so supervisor authorities are understandably anxious to ensure that decisions are consistent with their own domestic case law and also with their own positions that they've previously taken however this does create conflicting objections in many cases which elongates enforcement and makes it very difficult to reach consensus in some cases for example from the DPC's perspective and experience it is common to receive objections on draft decisions from supervisor from different supervisor authorities which contradict one another and not just the DPC's decision which put forward opposing views as to the correct application of the law and such conflicting objections inevitably lead to the dispute resolution mechanism in terms of providing a solution for this challenge I think that certainly in the law will help to bring consensus naturally enough this certainly will come from CJU decisions as well as decisions from the dispute resolution mechanism and it's important to note that the dispute resolution mechanism is part of that one stop shop process and its use reflects the novel and complex issues that we're dealing with the application of the GDPR is largely untested and the first big tests are going to be in this article 65 process as they have been so far and using the dispute resolution mechanism doesn't mean that cooperation has failed rather it's a way to find a resolution for example a good example of that is the data protection commission's WhatsApp decision the transparency decision contained a 225 million euro fine as well as a very significant order requiring WhatsApp to bring its processing into compliance and this decision was subject to a binding decision regarding how fines must be calculated by supervisory authorities this has brought welcome clarity to an important provision of the GDPR which has been consistently applied by all supervisory authorities ever since collaboration on early on in cases of strategic importance between supervisory authorities will also help to bring that consistency and help to speed up the process this brings me nicely on to the next set of challenges that we've encountered from the first four years of GDPR enforcement and that is how to go about interpreting novel principle based legislation in the absence of binding judicial authority on core concepts when interpreting provisions of the GDPR that are without clear judicial precedent regulators are left to interpret the law in a manner which best secures the effectiveness of each provision in light of its objectives the challenge of this task cannot be understated having regard to how the GDPR is principles based and seeks to provide a mechanism for balancing competing rights the GDPR does not contain prepackaged answers to thorneous questions relating to issues such as target advertising whether anonymity on the web should be preserved or how to secure global data flows that safeguard personal data while also allowing proportionate access consistent with national security requirements the list really goes on again in terms of bringing a solution to this interpretive challenge I think that regulators must embrace their role in bringing clarity to the law and raising awareness of the obligations on regulated entities the DPC recently published its decision regarding Instagram's processing of children's personal data which again included a 405 million euro fine and also included a very significant order requiring Instagram to bring their processing into compliance it has also published its fundamentals document for a child oriented approach to data processing which seeks to drive compliance amongst controllers processing children's data one of the DPC's decisions one of those seven decisions that are currently in cooperation and consistency mechanism relates to tiktok's processing of children's data so it's clear that this type of enforcement will continue if and where some compliance is detected so there really is a lot that supervises the authorities can do to bring clarity to the law and to bring awareness to the law and to enforce those standards even in the absence of a clear precedent the next point I'll mention briefly is complaints and I think that in terms of data protection regulators handling of complaints this is really crucial to providing a balanced approach to digital regulation under the GDPR or unlike in other areas there is an obligation under data protection commission and every other supervisor authority to handle every single complaint that it receives the bar is very low under the GDPR to lodge a complaint and under article 77 of the GDPR any individual who considers that processing of their personal data may have infringed the GDPR may lodge a complaint because there is no bottom threshold on what can qualify as a complaint we can be in receipt of quite technical infringement complaints for example access to data that was given after five weeks instead of the mandated for or complaints that disclose almost no risk to the individual in 2021 the DPC received over 10,000 queries and complaints and concluded 8,000 of those by year end however from the first four years of GDPR four and a half years of GDPR complaint handling we know that each supervisor authorities resources are limited and must be put where they can do the most good the DPC is regulatory strategy for 2022 to 2027 reflects this and clearly sets out the DPC's objective of prioritizing the allocation of resources to cases that have higher systemic impact on large numbers of people this approach seeks to ensure that complaints of less systemic importance do not disproportionately occupy the resources of the regulator when those same resources could be applied to systemic cases finally I'd like to just briefly mention the DPC's interaction and cooperation with other sectoral regulators the remarkably broad scope of data protection law creates a specific challenge and the GDPR has been coined the law of everything precisely because of how wide open it is as principal based technology and institutionally neutral law this leads to DPC's right remit extending to the processing of personal data by diverse organizations including those subject to specific regulation such as banks and telecommunications companies cooperation between the DPC and other regulators in Ireland is and will continue to be of paramount importance for safeguarding the rights of users of digital services particularly as competent authorities and coordination bodies under the various new EU digital laws are signed and on that note I will conclude by remarks thank you very much thank you very much Keane I think you ended on that note of collaboration collaboration and cooperation between and highlighted I suppose the broad scope of the GDPR I mean there was a time I can remember before it came in when we had lots of meetings here in the GDPR and we thought nobody'd ever you know get around it but in fact everybody in the country knows about GDPR and I think you've shown very clearly the complexity of how it works the whole issue of working with European partners and European decision makers and how that leads to other issues and challenges in round decision making and in terms of what you've said that the clarity is important awareness is important but also echoing a team I think that everybody has spoken about today is the importance of resourcing it adequately so that it can be delivered at the appropriate level it's interesting what you're saying I'm sure we've come to questions that for the next you know four years in your strategy that you're looking at prioritising the kind of complaints that the issues that so many people can write you about technical issues which take a lot of time but perhaps are not a high priority so thank you very much for giving us that overview and insight into the work you do and indeed the complexity of that so I'm going to hand over here to you first in the audience if any of you have questions we've lots of questions online but would you like, anybody like to start off here well if not do Robert thank you very much you might introduce yourself to those who don't know you sorry I'm Robert Maurek I work for the same body as Garrett works for Comrade I've got a question to Anton Bielan actually in the sense that you said commission is doing certain things where the country of origin or the country of destination didn't quite work has the commission thought more about giving the enforcement to to a European agency because that is a kind of a midway where you can have a European body overlooking a certain market but they could be based in the country where most of the players for example are present so that you in case of an exam to regime can have that a direct interaction a bit more and where you can have a specialised body so a specialised regulator let's say at a European level thank you very much Robert Anthony would you like to respond happy to do this and hi Robert we know each other well and there are two angles to this the sort of the practical angle if I can call it that is the one where you say this could bring you greater proximity to certain regulated communities I mean in tech I think I know where you mean it won't be so easy perhaps in other areas and in fact I think I saw Jeremy Godfrey put a somewhat similar question to me in the chat this may seem a bit joking but it's real at the stage of designing an agency you never know where its seats will be established and the process by which this is done is one that makes even Bismarck's reference to sausage factories probably pale by comparison so that's just a practical note of caution on what can seem a good idea on proximity to the customers where there is a bigger principle question about how we organize enforcement institutionally there are indeed ways in which you can give decision making powers to a European level body other than the commission I mean Kean has outlined a bit the quite complicated workings of the EDPB but agencies that direct decisions not to their members meaning to national regulators but directly to regulated entities is I think something that is institutionally quite complex without going into the legal stuff even in the banking area where we have banking authorities insurance and there's a third one on financial products the decisions are always if I'm not wrong formally taken by the commission even though they're prepared by the body so you get into new levels of complexity if you design that sort of solution but always open to new ideas thank you very much the rest of the panel would like to come in on this if not the question over here thank you very much thank you very much and thanks very much for a very interesting panel discussion just on the point just raised I remember that Ireland's initial response to the European commission's consultation on the digital services act was a proposal for an EU agency on that that's an interesting point of note but my question is in relation to something that Anthony raised which is that distinction between legislation and the application of legislation that the actual application of regulation and while the legislation itself may be harmonious in what it acquires the application is another matter and I'm just wondering what does the panel think are the biggest factors in this harmonious application of regulation on an EU basis is it culture is it capacity is it administrative law differences I'm just wondering what the perspectives are for the panel oh yes sorry Kiran Shanley from the department of media yes Anthony if you want to start off then we will move then to the rest of the panel okay I'm probably the least well placed because I'm precisely most of the time not involved in in the application but I have witnessed it with Gareth, Robert and colleagues in the BEREC functioning in my former life I think there is certainly a cultural difference I could see if you like geographic differences when BEREC was devising its guidelines on that neutrality which I referred to earlier different preferences on just how pure was one's understanding of the openness of the internet or of non-discrimination relative to openness to the benefit of commercial practices in that space so culture is certainly part of it capacity is certainly part of it I mean this is true not just in regulation but across the board in European policy if we only take a quite different area the spending of European funds that are entrusted to national management authorities in structural funds cohesion funds, things like that we have huge differences in what is called absorption capacity because of different levels not just of numbers of people on the payroll but of the actual skill sets and so on so that's certainly an area where we would urge member states to invest more and on legal differences I will maybe pass this one to Kean who I think hinted at it a bit already the legal standard to which national regulatory authorities are held whose decisions are challenged can vary so even though they're applying the same rules even though they may be coordinating them in one or other European process such as the DPP they may have differing levels of legal risk to articulate for in deciding when they're ready to adopt a defensible decision so I think it's clearly an issue as well and then maybe to Kean yeah sorry do you want me to respond? yes please I think this is a very relevant question because indeed what we need is to think about how can we address what we currently perceive as very much complete fragmentation of the application of European law and the enforcement of European law in consumer protection you see different approaches by different countries which may be cultural but may be also traditional in terms of how important consumer protection is seen also as a market policy or not etc etc I would like to mention we have a single market since 30 years on the 1st of January 2023 we'll have the anniversary of the single market 13 years but not the structure for also an equivalent enforcement of all these different legislations and rules is missing and only in the last I would say two years we see this discussion about what is a European enforcement structure of what is a European enforcement culture so we very much I think there is no way that we can avoid a certain increase of centralization of enforcement at least for European right cases or for very big companies we see in the GDPR that there is now potentially at least the European Commission has announced it in the workbook for next year a legislative approach to harm is an administrative procedural legislation and I don't think that that will address the full problem of the to a certain degree I have to say failure of the GDPR when it comes to fulfilling legislative objectives but it should at least facilitate some of the problems that I think he has also very much described as diversion approaches and it will help people because they will have probably more ideas about timelines and when their complaints will be treated the last point would be about minimum and full harmonization which in consumer law is a very important question for a long time we have been in favor of minimum harmonization which only gives a threat threshold to the member states let them go above to better protect people or to regulate differently if the minimum is respected but we see that in enforcement and in increased Europeanization of enforcement this failure is bad because cannot apply the law across the board in all countries equally because there are so many differences so I think we are also moving into that direction of more full harmonization, more regulation and a more coherent approach, thank you Thank you very much Thirstler Keane Yeah it's a great question so I think one of the GDPR's greatest strengths is that it's principles based but that is also something that creates challenges for harmonization so let's remember when interpreting European Union law there's an obligation to interpret it in a way that achieves the effectiveness having regard to its objectives and naturally enough in principles based legislation with a much clear judicial precedent different regulators and different regulated entities have different ideas as to how to interpret the law let me just give one example of this and how maybe we can solve that problem and that's the WhatsApp transparency decision that I already mentioned contained a 225 million euro fine which grabbed much of the headlines but really more significantly it contained a very important order and it brought clarity to the law in terms of what's expected from regular entities when communicating with data subjects and when providing them information just one transparency obligations under GDPR spread out under four different articles and they're very detailed just one of them requires that it's a very important one requires entities like WhatsApp like TikTok, like Google to provide information on the purposes and lawful basis and that particular provision doesn't go into much more detail but I suppose interpreting that provision in order to achieve the effective of what it's trying to achieve in the WhatsApp decision the DPC very clearly set out that that requires entities to give that information on purposes by referencing the actual processing operations that they're actually doing with the data and I suppose that's a decision that went through that cooperation mechanism that I already spoke about it's been through all the other supervisor authorities who have had a chance to object and very significantly following that decision not only the WhatsApp comply with that order that required them to change their transparency information but we saw a huge number of different controllers from all industries including entities like WhatsApp and including entities from completely diversity policy changing how they communicate with regulators so I think we have to remember after four and a half years of GDP enforcement we're still at a relatively early stage generally but decisions like that WhatsApp decision as well as decisions from the Court of Justice which we really are waiting for and will bring a lot of very welcome clarity to the law and will help to bring that harmonization but certainly I think the fact that the GDP or its principles based is the main challenge in terms of bringing harmonization around Europe but there are mechanisms in place to achieve that ultimately Gara thanks very much King I think it's quite to be mentioned already but maybe just to come back to that resourcing question I think it's not just about having armies of people it's about having the right skills and these are quite sophisticated skills but it's really important that we can tap into those skills that drives in some ways the culture of the organization as well so I think that and I think maybe part of that culture is a collaborative culture so it's not just that an individual regulator looks in isolation at their own piece of legislation but they think well how's this going to have an impact on other regulators and what they're trying to achieve and how does it work at an EU level but actually I think we need to think beyond that because the companies that we're regulating in this space they're actually global companies so we've done a bit of work recently sort of reaching out to regulators in the US in Canada so the western world I suppose has a collective interest in ensuring that there's a regulatory framework here that works for citizens everywhere in the western world and I say the western world because I think back to the legislative frameworks and the basic norms that we have are there and the concepts of regulation are common so I think it's quite important that we keep that collaboration it's the best antidote to a sort of a mismatch of application which I think will undermine the legislative objectives in the first place So I think from an institute perspective you know I think minimum harmonisation or just harmonisation in general is really what industry wants as you can imagine if you have to do business across 20 different member states and there's 20 different sets of rules it's very challenging and you know I think what will be most effective ultimately for public good and for business is to have kind of certainty and that's more consistent harmonisation and I fully agree I do think it does come back to you know somewhat of a resourcing thing as well and as you say it's not just numbers it's actually the quality of the skillset and that's really what's important Well believe it or not it's come to have to the bewitching hour and there's lots and lots of questions we could go on and on so I'm really sorry that we've had to cut it short and thank you so much to our speakers for your fantastic presentation to Anthony, Ursula Gareth, Una and Keane they were very very clear and exposed a range of ideas and what was really critical I think the learnings that you've got the initiatives that you're taking and of course the challenges and the words that came through loud and clear were cooperation, collaboration the appropriate funding of resources and that skillset but it's not all about money it's how you use that money who are the people it is about the talent the clarity of the law how important are the awareness and the learnings perhaps that we've come to from principle based regulation and so on and we can develop things in the future and I think the clear message also was enforcement how are we going to do that appropriately and I think from the consumer and the user and the business side that collaboration understanding of the complex nature of all of our involvement in this digital age is critical so I really like to thank you all for bringing that complex it's a day of delight and making it so simple and clear of what we had to do I'd like to thank our audience for your questions, sorry I couldn't get to all of them but time was the enemy here and I hope to see you on Monday again if you could come because we've got a really interesting webinar with Kathy O'Neill who wrote the weapons of destruction not destruction destruction all of us who are involved with maps will know what that was involved in but really she's going to look at some of the issues that were raised here today the age of algorithms and ensuring flexible and explainable fairness and I think that's obviously on the AI area so we hope to join us today but I'd like also to thank our team the IIEA this hybrid event I didn't realise there's so much preparation so thanks very much to our production team to Sarah Burkin Lorcan Mullally and if I may Lorcan is getting married next week and I'd like to wish Lorcan and his bride Alice all the best and every happiness and to even the colour and our communications and Tom Green and the administration and to Seamus Allen our digital policy researcher for all his hard work in getting this together so I hope you've all a lovely weekend and thank you again to all our speakers for a really memorable and powerful session thank you very much thank you very much bye bye