Saturday, 4 February 2012

Stage 2: Consultations commence on the General Data Protection Framework Regulation

Somewhere, in a basement hidden deep under the offices of DG Justice, must be a War Room with a special data protection chart. I can imagine a huge wall, upon which is beamed a copy of the proposed General Data Protection Framework Regulation. And by each provision is a coloured spreadsheet indicating how the various sate of stakeholders view each of the proposals, and about the links that are emerging between these stakeholders. That spreadsheet might well compare the views of the regulators, ministers, local politicians, Euro politicians, and perhaps even significant data controllers and significant groups of concerned individuals.

When you read the current reports of initial reactions, is seems that the signs are already there of different stakeholders disliking different things. Do all Regulators like the concept of “one regulator to regulate them all? Not, from what I’ve heard. Is everyone happy that an inflexible Regulation is still absolutely necessary, and that the discretion which has been afforded to the law enforcement agencies as they implement their equivalence measures my means of a Directive is not appropriate for the rest of us? Again, not from what I’ve heard. Does personal data breach notification work? Not yet. Are the sanctions appropriate? You must be joking.

So, the next issue we need to address is one of transparency.

How will the stakeholders really learn about the views of the other stakeholders? I can't keep up with all of the invitations I've had to attend the initial meetings, and I certainly can't maintain a grid of the various diverse opinions that are emerging all by myself. If I were in DG Justice, charged with getting something on the statute book, I would not be encouraging these stakeholders to meet too frequently, just in case they got a bit powerful and threatened to derail the Parliamentary timetable that has initially been sketched out for his initiative.

And what is that the stakeholders really want to do?

I expect that the first thing the stakeholders will be doing is digesting the draft, and they will then reach out and explore the possibility of making alliances with unusual sets of friends in order to achieve what is known in the trade as a blocking minority. It’s a matter of ensuring the Commission can’t get sufficient votes to pass my pet hate proposal, as it will need a particular percentage of votes to get it through the Committee. And then, what is likely to happen is that various groups of interested parties who can almost get a blocking minority against their pet hate will negotiate an informal liaison with another group, so both groups can achieve their aim to have their pet hate blocked.

This may be messy, but it’s the stuff of daily politics. Please note – it’s not the stuff of political principle. It’s the stuff off political expediency. No-one will be totally happy with whatever emerges.

And we should not be so naive as to assume that negotiations will just concern opposition to this measure. We can fully expect various groups of stakeholders to negotiate strategic allegiances across various EU proposals. The Spanish might welcome support from the Slovakian representatives on a point of data protection law so long as they both agreed to oppose an obscure point in a proposed agricultural farming subsidy regulation.

I really can’t predict the outcome of this stuff yet. It’s much too early. Think I know where my prejudices are, but I’m not sure how many others share them, yet.

So, the next steps are pretty simple. We all need to talk so that the policy oiks in the DG Justice War Room get to work completing the grid. Then we can see what sort of a state we are in, and assess the chances of creating a draft that is less objectionable.
How will these meetings take place?

I’m already aware of a range of informal briefing sessions that have been set up by the usual legal firms. I expect the Information Commissioner to refer to the issue at his Data Protection Conference, which he will be holding next month in Manchester. The Data Protection Forum’s meeting on 13th March in central London is likely to be addressed by representatives of the French and the German Data Protection Officer Associations (AFCDP & the GDD) as well as (fingers crossed!) Lord McNally, the minister responsible for Data Protection. The Forum also hopes to get a speaker to explain what the proposed changes might mean from the point of view of the regulator (they’re trying to get a former senior ICO official for this one) and there could be an additional surprise guest, too.

And after we’ve talked, a real difficulty could lie in finding the resources to ensure that the right messages are sent to the politicos and officials who are to be involved in the next round of the negotiations. I’ve got some spare time on my hands now, so would be very happy to help, if anyone wants to ask nicely.

Somewhere, deep in my archives, I think I have the best invitation to a consultation exercise on a data protection issue that was ever created by a Government Department. I’ll dig it out soon, and publish it – with a challenge to anyone else to propose a better invitation.