Tuesday 8 May 2012

The news from Berlin

This week's premier data protection conference has just been held in Berlin. An impressive event, attracting the cream of European data protection society. A useful opportunity to catch up with old friends and to spread the latest gossip. We data protection folk can be quite indiscreet, when we want to be.

Let’s start with the round-up from the European Commission. Vice President Viviane Reding couldn't attend, but she kindly sent us a video message. Perhaps she was tired of meeting the many familiar faces that were there. Lots of familiar and welcome stuff. Modern rules for a modern age that are easy to understand and easy to apply. The new rules are, evidently, to allow local rules, in particular areas, as well as the mythical one rule to rule them all. It's going to save us all billions of Euros and it's going to cut red tape. Yes it will. Honest!

The message was repeated by the author of that Regulation, Thomas Zerdick. But he also admitted that he did not expect to see data controllers enjoy a reduction in their legal fees as, in his words, "the concepts are not simple." You can say that again. However, he also stressed that "we will cut red tape for businesses".

European Data Protection Supervisor Peter Hustinx was up next, emphasising the need for more effective and consistent data protection - on the ground. We must keep an eye on the big picture to understand if the protection is working. Not on the details. And only intervene when it is necessary, and do this effectively. Be selective to be effective. Not micro management.

If you closed your eyes, for a moment it could have been Richard Thomas who was speaking. And then Peter explained that data controllers have to take reasonable efforts to haul back data once it has been unleashed on the Internet. To my mind, this is an awful lot harder than it sounds. But then again, everyone knows this.

In a more outspoken section of his speech, Peter noted (without mentioning names) that some regulators are courageous and strong, but in other countries they are weak and virtually invisible. He wants a single answer to create regulatory consistency.

Information Commissioner Christopher Graham then announced that the ICO had done its sums and had worked out that his office might realistically require additional budget resources of an additional £27 million (an increase in resources of some 180%) if it were to expect to carry out all of the tasks that are currently specified in that Regulation. And, as this is not going to happen, the Regulation has to be less interventionist. The answer is staring us in the face. Data controllers should be held to account in ways determined by the data controller, not simply by ticking lots of items on lists prescribed by the Commission.

More worryingly, Christopher Graham pointed out that all of this stuff needed paying for by someone. And who? Presumably by data controllers who wanted special services. Like Binding Corporate Rules. Or, perhaps, by conference organisers who wanted regulators to speak at such glamorous events.

Unfortunately, the point about the very prescriptive nature of that Regulation was not really echoed by Axel Voss, one of the 7 key European Parliamentarians who will play a critical role in scrutinising the proposal. But then again, of these 7 parliamentarians, 5 are Germans, while a 6th (a Greek MEP) also speaks fluent German. So I would not be surprised to learn of pretty intensive efforts to ensure that the European solution retained a good dose of German characteristics. Although keen to distance himself from the "German Data Protection Taliban", Axel seemed to be in favour of the concept of reducing the text to concentrate on principles, while simultaneously aligning everything with sanctions and controls. I have no idea how you can reconcile both concepts at the same time.

More was said, in private, about the real timetable that is being set for the Regulation. And it would be really rude of me to be too indiscreet in this blog. All I'll say is that I'm not holding my breath. I've still got plenty of time to make my points.

As always, the real value of events such as these came during the refreshment breaks, when quiet chats cemented valuable friendships that had been sparked in the conference hall. So, roll on the next big data protection event.

Which, for me, takes place first thing tomorrow morning, in Central London.

There really is no rest for the wicked.

Travel credit:
All credit to the BAA crew at Heathrow's Terminal 5. The flight touched down at 9pm and within 35 minutes I was on the tube, heading home. I did get to do a TV vox pop today on airport delays - but this was for German TV, at Berlin’s Tegel Airport. Over there, the airport authorities have just been told that they are not allowed to close the place down as scheduled, because Berlin's new International Airport now won't actually be ready on time. Apparently, the new airport authorities haven't done enough to get the right type of safety certificates. If German athletes are as fast as these German safety workers, then they aren't likely to be returning home with many Olympic medals later this summer!

Image credit:
While German regulators may be less than enthusiastic about Google's street view service, German artists evidently have no issues commemorating Berlin's cartography.