Sunday 26 June 2011

An un-British way to revise the Data Protection Directive

Saturday – I headed west, out of London, to enjoy an evening of “music for a summer evening”. Coldplay at Glastonbury? Nope, this was the Orpheus Sinfonia at Hungerford. Think of Glastonbury as it ought to be - not too many people, no muddy fields, just glorious and peaceful surroundings in which to enjoy a picnic before the concert and during the interval – and as the food was settling, to hear 60 excellent musicians play a programme featuring some of the best of Vaughan Williams and Elgar. And superstars in attendance? Well, the soloist Tamsin Waley-Cohen was playing her 1721 ex-Fanyves Stradivarius violin. And I don’t think you’ll get much change out of £7 million if you fancy buying an instrument like that.

Fantasia on Greensleeves, English Folk Songs, the Enigma Variations, Pomp & Circumstance. You can picture the sort of evening – and the emotions that were welling up in the audience.

It was all so heroically English that I began to really appreciate the problems that our chums in Brussels are going to face if they really think that they are going to be able to create a legal instrument restating the basic tenants of, and introducing some fundamental tweaks to, European Data Protection Law any time soon. We Brits can be an extremely stubborn lot. We know what we like and what and how much leeway we like to give the State over the lives of its citizens. Rules exist to be honoured (ie not always followed), and British traditions are unlikely to change quickly.

I firmly expect citizens of every other EU Member State to have equal passions about their own local cultures. And why not – they are just as proud of their heritage as we are. So, given the uneven economic circumstances currently prevailing in the EU, I doubt that many people are looking forward to the EU Data Protection change curve with much vigour. What changes could we accept, and what practices will we defend to our utmost?

As far as the "welcome" changes are concerned, I suspect that the only way the EU is going to whip up much support for any changes are those that are designed to put right the injustices that have obviously been dealt against the European public by some of those larger non-European based organisations. Who they? Step forward the social networkers and, naturally, Google (would allege the Eurorcats). Expect some hefty rhetoric about these guys soon. What we could get to agree on is what we don’t like. And how will this be done? Possibly by portraying these guys as having taken taken us for granted, and they will be exposed as having using their sneaky software to spirit away our privacy in return for letting lots of EU citizens have free stuff and just have fun.

What I expect the EU will want is for the fortress walls to be built a bit higher, so that EU citizens could have a safer time – put possibly a more boring time too. Before citizens get to play with the “free stuff” there will be more pages of warnings, information and other regulatory material to “accept”. Citizens will be expected to know what it is they are consenting to. And if anything goes wrong the regulators will have stronger powers to wield against the bad guys. The regulators probably won’t get the extra resources they need to properly exercise these greater powers, but that’s another story.

If I was an eurocrat looking for change in the data protection sphere I would plump for:

1) Greater awareness of how someone’s information is shared on-line.
2) Ways of preventing too much centralisation of information, so that people could maintain as many on-line identities as they required.
3) A way to overcome mistakes, - like a “IP tippex”, so that personal reputations can be rebuilt following a faux pas.

But I’m not that confident that this is what will be achieved.

If we’re not careful we could be looking at a proposal for a revised EU Data Protection Directive which made changes just in terms of the process which data controllers need to follow to ensure that an activity is legitimate. But surely we don’t want to focus on processes; we want to focus on outcomes. People who are quite conservative tend to love processes – and the more processes you can develop, the more you will have to rely on people who can explain these processes to them. But, unfortunately, the more you focus on the process, your mind drifts from concentrating on the fairness of the actual outcome.

I would prefer to think in wider terms – by suggesting that it’s just as important to develop a pragmatic and moral attitude to making sure that the ultimate goal is achieved, rather than trying to micro manage every step which must be taken in order to reach that goal. I don’t feel comfortable in cultures which announce that the steps which have been specified are the only ones which it is legitimate to take. I prefer a more flexible approach.