Monday 23 August 2010

MoJ officials in listening mode

In a move that may well dismay civil servants working for administrations in some other EU Member States, the data protection team at the Ministry of Justice is so keen to assemble a body of evidence to support the UK’s case for reform of the Data Protection Directive that it’s not only asked for stakeholders to write in with their views, but it’s also hosting a series of workshops - to give stakeholders an opportunity to explain their views and have them debated. What a great idea. There’s probably still time for the civil servants in the other Member States to extend the same courtesies to their own stakeholders – but I wonder how many will.

The first set of workshops was held today, in Petty France. That’s the name for the building that used to house the Home Office (and is now the home of the MoJ). It’s recently been gutted and completely refurbished, and has become a very pleasant place to work. The old Home Office got so grotty that I often wished there was a mat by the front door – so the visitors could wipe their feet as they left.

In the spirit of these harsh economic times, no free lunch was served today. But the staff restaurant is extremely good. Some of us who were saying for both morning and afternoon workshops enjoyed a hearty meal there, rather than braving the rain to sprint over to the sandwich shops.

Anyway, back to the plot. The purpose of the workshops today was to enable data controllers, and representatives of organisations that comprised or serviced the larger data controllers, to present evidence which supported their views on matters relating to subject access requests and the costs of compliance, and also on the powers and penalties of the Commissioner. (I'm sure that other events will be held which will offer a similar platform to other groups of stakeholders.) None of the evidence was offered on Chatham House grounds. What I mean by this is that those who spoke were prepared to be accountable for what they said. And what they said was noted down by some awfully smart people, whose jottings will, I’m sure, be made available to the wider (data protection) community in the fullness of time.

None of what was said today will come as a surprise to the close observers of the British data protection community, although it may well appear a bit odd to people who are used to the workings of other jurisdictions. We Brits can be a passionate lot – and also quite a pragmatic bunch too. We like following general guidance, but we like the flexibility to do things in culturally appropriate ways. One size does not necessarily fit all. We like common sense, and having the confidence to apply common sense, rather than stick to rigid rules which could, if followed to the letter, result in perverse outcomes. We’re also quite a sociable bunch, so we like chatting to regulators to see if things can be sorted out informally, before anyone has to put their head above the parapet and go on the record. And, having a flair for theatricality, we also like it when someone wields a big stick, or when someone gets locked up. That makes us all feel better (unless we’re on the receiving end of the stick, or have just got ourselves locked up).

There was general agreement about issues relating to subject access requests – and I’ll leave it to the carefully crafted words of the rapporterus today to announce just what it was we all actually agreed on.

And as usual, we went off-piste, so to speak. You know what data protection professionals can be like. We weren’t asked for our views on data protection registration and notification issues, but we provided them anyway. We could all see the point in letting the ICO know who we were, roughly what we did, who the ICO should contact within the company when it became aware of a problem, and also how we were going to pay the registration fees. But that was about it. We couldn’t see much point in providing any more information on long and complicated forms – especially if that prevented lots of staff from the Commissioner’s Office from being able to escape from the drudgery of the Notification Department and be set free to work on the sexy stuff – like actually offering data protection advice, or helping resolve complaints.

More workshops at the MoJ are scheduled, and I’m looking forward to attending at least one of them. And of course I’m also looking forward (as we were all reminded a couple of times today) to sending in written comments, and real evidence, too. Feel free to write to Kavita Perry at as well - we've all got until 6th October before we have to start asking for the deadline to be extended.

And, most importantly of all, I’m really looking forward to empowering the teams from the MoJ to engage with their European counterparts over the coming months. I want to do my bit to ensure that these guys really do know what they are expected to be talking about. They’ve looked us straight in the eyes, and they are taking the opportunity to understand just why it is we think the way we do. To civil servants in foreign climes, who prefer a more hands-off approach to those whom they wish to regulate, this British way of doing things may not be sufficiently pure in terms of developing data protection law and theory. But believe me, it tends to work awfully well in practice!

[If you want some hints about the sort of evidence the MoJ is after, take a quick squint at]