Wednesday 14 March 2012

That Regulation: the red lines emerge

If you were at, or had dialled into, yesterday's meeting of the Data Protection Forum, you would have appreciated the political significance of what was being discussed.

In a historic first for the Forum, speakers from equivalent data protection organisations in France and Germany had travelled to Central London to share their thoughts about that Regulation, and to see what common ground existed between them.

What very quickly emerged was a shared determination to ensure that local citizens could continue to enjoy the standards of data protection they had grown to expect. A "one size fits all" approach is a complete non starter. Until, that is, Member states are abolished and we all become grateful citizens of the European Union. But we are absolutely not there, yet. And as discussions turned to how local laws would need to be enacted to take account of very important bits of data protection law that were missing from the current draft, the more the logical inconsistency of such a thing as a Regulation became apparent (at least to me). Who can describe to me the practical difference between a legislative package which comprises (1) a Regulation and a bunch of local laws to meet local needs, and (2) a Directive and a bunch of local laws to meet local needs?

What also emerged during the discussions was how very different was the role that was played by Data Protection Officers in three countries. This is in terms of their legal standing, duties and their working relationships with local data protection authorities. If the new legal instrument is to require certain organisations to have such an animal, is it to look more like the German, the French or the English DPO? Given the (potentially) very significant role that such animals will play in future, it is vital that Member States get this bit right. Especially if these DPOs are to have fixed contracts. How will a DPO act if they spy something dodgy, say, just six months before their contract is due for renewal? Will concerns about not having their contact renewed cloud their judgement about the most appropriate course of action to take?

Surely not!

I don't intend to go into any greater detail about what was discussed as that might only forewarn our chums in Brussels about what's going to be hitting them. So no, I will keep my powder dry. If you want to know more about these vitally important issues, all you need to to is become a member of the Data Protection Forum and witness at first hand how policy is developed. Forum members now understand what's about to happen, and why. My other readers can just sit back and marvel at the way things are about to unfold. Or unravel! With membership at just £150 for 4 meetings a year, this has to be the greatest value around for anyone who is serious about data protection in 'Blighty. More information about the Forum and how to join it is available here.

Perhaps I should just plant one thought with the Commission officials before I end today's blog, though. Just as a taster for things to come: There are some data protection rights that are too important to be entrusted into the hands of the European Commission. In fact, they are so important that they will be left in the hands of Member States, whatever the Commission thinks.

Image credit: