Wednesday 11 December 2013

The great fallout over the One Stop Shop

You thought it was going to be easy? You thought the simplicity of the “One Stop Shop” concept was a done deal? You thought the attractiveness of a data controller being subject to the whims of a single regulator was too good to reject?

Think again.

Last week’s shenanigans at a meeting of the Justice & Home Affairs Council laid bare the catfight that is going on behind the scenes.

What is at stake, when a data controller is subject to the whims of a single regulator, is that other national regulators lose their influence over that data controller. Which is not an attractive thought to regulators with a history of high profile spats with data controller who may soon find themselves subject to the exclusive jurisdiction of someone else.

This isn’t about joined-up regulation. This is personal. This is about the size of a regulator's job.

I expect that some of the 28 regulators (and national Governments) have carried out a few calculations on the back of a fag packet. They’ve looked, say, at “the big seven” (Apple, Facebook, Google, LinkedIn, Microsoft, Twitter & Yahoo!) and have asked themselves which regulator [and national Government] will have the honour of regulating them, and which 27 regulators [and national Governments] will lose out.

And I expect that some regulators [and national Governments] really don’t like what they’ve learnt.  Indeed, they like it so little that they’re sinking the current proposals and hoping that a more favourable deal (for them) will emerge next year.

What better way to mask this political fight than by means of a legal spat where teams of lawyers can squabble over the application of the Human Rights Act? What better way than an argument over the extent to which the fundamental human rights of European citizens is threatened should someone be required to use a regulator based in a foreign country to help enforce their data protection rights? What better way of deferring a political approach to a sticky issue than waiting for the outcome of a common view among legal professionals as to what the law is. (And we all know how quickly it can take legal professionals to reach agreement on sticky issues such as what the law is.)

Is the spat really about a fear that citizens won’t be able to easily contact regulators in foreign countries?

If anyone wants an example of how this might work in practice, they should take a look at the ICO. It may be based in England, but the Welsh and the Scots have had absolutely no problems in getting an English regulator to enforce their rights.

No, the spat’s really all about the losers. The consequence of the One Stop Shop is that some national regulators will be demoted. They won’t have the influence they currently enjoy over some of the world's largest data controllers.

They don’t like that.    

And some losers especially take exception to losing out to the national data protection regulator whose offices are situated above the shop in today's image, which is at Canal House, Station Road, Portarlington, Ireland.

Here is a link to the televised proceedings at last week’s Justice & Home Affairs Council. It was originally published by the great Chris Pounder (of Hawktalk fame). If the link no longer works, please search using: 3279th Council meeting (Justice) - Legislative deliberations Friday, December 6, 2013 at 9.30.