Sunday, 20 January 2013

FPF slams some of the Commission’s proposals



Three white papers have just been published which ought to give the European Commission some angst, as it polishes its proposals to reform European Data Protection law. 

You should like them. At just 11, 7 and 10 pages long, they are concise and pull no punches. Authored by Omer Tene and Christopher Wolf of the Future of Privacy Forum, they are essential reading for anyone who tries their best to keep up with the latest plans to amend the current Data Protection Directive.

The papers do, however, contain a fatal flaw that might well be used by those who hold different views to ensure that they are widely ignored. But more about that later.

First, the papers. 

A  paper on the costs and paradoxes of explicit consent concludes that there is a the need to provide individuals with greater transparency and control over their personal data, but: “By restricting organisations’ ability to rely on implied consent without at the same time simplifying the ‘legitimate interest’ test, the GDPR elevates form over substance. Much like the amended cookie provisions in the e-Privacy Directive, this will result in formalistic compliance without delivering individuals meaningful transparency and control. Consent should not be treated as a one-size-fits-all model; it should be tailored to the context of a relationship or transaction and tied to the sensitivity of the data as well as the societal value of its use.”

A paper on the definition of personal data criticises the binary nature of regulation – that regulation only applies when the specific information fits the technical definition of ‘personal data’: “European law should avoid a rigid distinction between personal and non-personal data based on strictly technical criteria and divorced from the circumstances of data collection, retention, and use ... The GDPD should introduce the concept of pseudonomised data and give it credence by allowing the processing of such data without consent. This would prevent organisations from pursuing a perverse incentive to identify individuals strictly in order to comply with data protection law.”

A paper on the jurisdiction and applicable law proposals comments that the Commission’s proposals to extend their extraterritorial application: Constitutes a dramatic shift from a country of origin to a country of destination approach, and portends general application of the GDPR to the entire internet.” The paper argues that: “Overextension of EU law to apply to the entire internet is excessive. Such a move will result in a framework which is unenforceable and infringes upon principles of comity, interoperability and international law.”

All this, from a pragmatic perspective is common sense and ought to be supported. I’m looking forward to attending a debate in Brussels next week where some of the Gods of Data Protection will be present to debate this stuff. 

Just how might the opponents rubbish them?

Well, the documents do contain a flaw that could be fatal in the eyes of their detractors. You see, the Future of Privacy Forum is a Washington DC based think tank. Yes, it may be led by internet privacy experts Jules Polonetsky and Christopher Wolf, and include an advisory board comprised of leaders from industry, academia, law and advocacy groups. But, it is still an organisation that has its roots in America.  If it really wanted to enhance its credibility within Europe, it should move its headquarters from Washington DC to Berlin. Or Paris, at a push.  

The mere whisper that all of this common sense is coming from overseas, rather than from within the European Community, ought be enough to ensure that the opinions and conclusions are ignored by the Sado Dataprotectionists. [See my blogs of 8 and 10 November 2012 for a fuller description of this sect.] 

'Perhaps this is just special pleading from America, home to some of the greatest data protection offenders of all', the rumour will run.

And that is a pity.

But I am looking forward to the verbal equivalent of transatlantic data protection fisticuffs in Brussels next week as the papers receive their first public debate. I am also looking forward to reporting on some of the better soundbites.


Source:
http://www.futureofprivacy.org/2012/12/20/eu-roundtable-discussion-white-paper-launch/

.