Wednesday, 6 June 2012

Wanted: a (British) patron saint for data protection

A very impressive crowd comprising the usual suspects attended the summer meeting of the Data Protection Forum today. I had the honour of chairing the proceedings, and thanks to the usual Data Protection Forum –style democracy, the Annual General Meeting went off without a hitch. Yours truly has been duly returned to Chair the Forum meetings for the next twelve months, and I am extremely lucky to be able to rely on the everso impressive Jenny Gallagher to share the Chairing duties with me.

If the cunning plans that I revealed to the membership, following some intensive brainstorming work by the other Committee Members, come to fruition, the Forum will be in a very different shape this time next year. Copies of these plans are available to anyone – well, anyone who fancies joining the Forum, anyway.

The main part of the day, though, was spent considering the data protection implications of “emerging technologies”. We data protection folk need to be as cool and as savvy as the current crop of school leavers. We need to understand what’s happenin out there, so we can advise on ways of remaining cool & wiv it.

Actually, this is hard. The pace of change is bewildering. This is both in terms of the computing technologies that are being developed, and the electronic toys that we will – and increasingly already can - buy to exploit these technologies.

Anthony Nagle from the London office of Morrison & Foerster gave delegates some extremely useful tips about the pitfalls of the way companies currently feel obliged to use social media. Olivier Proust had kindly travelled from the Brussels office of Morrison & Foerster to provide an update on the cookie issue, and how the key debates were being played out by different Member States. (Top tip – ask your friends what the Bulgarian implementing legislation provides, and then ask yourself how long it will be before the Data Protection Taliban wakes up to what they’ve done!) In my view, the international data protection community has excelled itself, and has created a monster even more complicated than transborder data flows to implement.

John Morrison, of Sapphire reminded us of the insatiable demand for employees, at all levels, to bring their own devices to work, and the security implications that follow. Finally, Gail Crawford, of Latham & Watkins, reminded us that most of this stuff was likely to end up being processed “in the cloud” , and the implications of this were still unknown. It made me think whether, given the trajectory of the pace of technological change currently taking place, we should actually first try and understand the implications of these technologies before designing laws that are supposed to regulate them. Or should we continue on our current path, which is to amend current laws before we really know how the new technologies will be capable of being applied to them?

Fear not, I suggested. We data protection folk are hardy folk, and we’ll all enjoy careers for life – and this ought to bode well for the future of institutions like the Data Protection Forum.

One issue was nagging me throughout the day. It’s been mooted that the British data protection community needs a patron, someone to whom everyone could look to for inspiration and guidance. Should we extent invitations to the established legends of the British data protection world? People like Eric Howe, the first Data Protection Registrar? Or Elizabeth France or Richard Thomas, both former Commissioners? It would not be fair to invite current ICO folk as they are currently too close to the game.

My view, for what it’s worth, is that our first patron ought to be someone like the legendary actress Thelma Barlow. Why? Because of her catch phrase as the incomparable Mavis Riley in Coronation Street. That lingering phrase, raising to a crescendo and then tailing off into ... futility ... “I don’t really know” –is one that is likely to cross our lips with increasing frequency, especially when we are asked if we know whether the European data protection regulators are likely to develop a common position on so many of the important emerging issues of the day.

The September session of the Data Protection forum, scheduled for 12 September, promises to be a cracker. Get in touch if you want some advance news on those who will be astounding the delegates with their amazing insights into the way regulators develop opinions – and then have their minds changed.

Image credit: