Monday 9 December 2013

The future of privacy - according to Eduardo

If the mighty Eduardo Ustaran were to write an essay to explain why he should be appointed Information Commissioner when the current incumbent’s term expires, then relax. We would be in safe hands.

And how do I know? Well, I’ve just read his new book, “TheFuture of Privacy”, which ought to find itself into the hands of all those who think seriously about how the privacy business is regulated.

 In a mercifully short work (I’ve read Article 29 Working Party Opinions that are longer), Eduardo address privacy from a variety of perspectives, and packs in some very powerful points. By advocating some pretty controversial stuff, and by making it very clear what he thinks about the European Commission’s proposals to update the current Data Protection Directive, he’s definitely been excluded from the European Commission’s Christmas Card list.
Now and for ever.


Because the book is littered with a lot of very sensible observations, and he bares his soul shamelessly with his readers.  He prefers principles to prescription: “Relying on principles to safeguard something so important may not be the perfect solution, but we should be looking for effectiveness not perfection.” He sees Privacy By Design as: “An attitude, more than a set of rules.”  He sees Privacy by Default as an unworkable concept (as an absolute principle) in a data rich age. He considers that recognising diversity is all too often a passing thought, rather than a guiding principle.

And, more music to my ears, he believes that: “The law should be geared towards incentivising compliance by supporting those who care about data and the people to whom it relates.” What is important is regulating behaviour, not regulating technology. In a swipe at the regulatory luddites, he exclaims that: “Laws should be geared towards achieving certain outcomes such as incentivising compliance, empowering individuals or preventing harm, whilst facilitating progress and technological innovation.”

There are plenty of other good bits, packed into 131 pages. But I thought I would leave the pleasure of coming across them just to you. There will be no more spoilers in this review.

So, if you are a serious data protection professional who is sick of reading books that just explain data protection laws, then this is the book for you. Eduardo’s aim is higher. What should be the point of developing public policy in this area? What is the meaning of (data protection) life? How many privacy commissioners does it take to change a light bulb? If this is the sort of stuff that keeps you awake at night, then keep a copy by your bed.

The Future of Privacy, Eduardo Ustaran, release date 25 November 2013 - £19.99 + P&P

End Note:
Ok, Eduardo does not explain in his book how many privacy commissioners it takes to change a light bulb. But he does provide the reader with a range of really thoughtful insights that remind us of the importance of global data flows, and the futility of drafting complicated rules that hardly anyone understands and virtually everyone ignores.  So, if, due to his overriding commitments to the most important people in his life, his wife and his family, he would find it hard to take on the role of a globetrotting Information Commissioner when the current incumbent is no more, on the basis of this book, I would happily appoint him as my Deputy should I get the job.

I can offer Eduardo no greater compliment this Christmas.