Wednesday, 8 February 2012
That regulation ... and the next steps
I do ike attending these briefing sessions (when I can), as it reminds me what a rich amount of material we all have to work with over the next few years. Every speaker I’ve heard has had some extremely interesting insights to make, and all have presented a slightly different reactions to (and interpretations of) the proposals. Next week, I hope to have the pleasure of attending the Field Fisher Waterhouse event, and a couple of less high-profile briefing sessions, too.
If I were a Commission official responsible for drafting the document, I wouldn’t worry too much. Not yet, anyway. Now the identities of the key players who were behind the drafting are know, it’s pretty clear why the principal changes to the Directive we have grown accustomed too since 1995 will be oddly familiar to those who practice German, Belgian, Dutch and Spanish data protection law. But I’m not here to make personal attacks or smears about people’s nationalities.
No, now is the time to roll up our sleeves and workout where to go from here.
For what it’s worth, I hope that we will make a start by considering the claims that Commissioner Reding has been making recently. A lot of what she has been saying is very encouraging, and we need to make sure that we don’t waste this golden opportunity to put right many of the difficulties that have emerged as technology (and customer expectation) evolves.
It would be wonderful to have a new legal framework that takes account of the realities of cloud computing, and of data controllers that will have a legal existence outside the geographic boundaries of Europe, but a huge influence within. It would be wonderful for the principle of accountability to be launched properly, and for people to be able to do something when significant events occur that result in their confidential information being compromised. It would also be wonderful if bureaucratic burdens that were more designed to ensure that boxes could be ticked following some ritual or other by various sets of officials, could be removed.
The trick, I’m sure, is going to be trying to ensure that the costs which are imposed by the proposal are outweighed by the benefits that will be realised. And I don’t care in the slightest bit today about the costs that data controllers will face. After all, this proposal will create many more data protection jobs for a very long time. Hurrah! Jobs for life – and I’m not kicking that concept.
No, what I’m much more concerned about is ensuring that the people who will end up meeting these additional costs (ie the great unwashed) actually feel that the additional protections which are supposed to be provided to them represent value for money. And, that these protections don’t, perversely, have the effect of stifling innovation, so that people outside Europe actually get to enjoy better services at cheaper costs than those of us in Europe. I really don’t want to design a “fortress Europe” where life is actually much nicer for those outside the fortress than for those trapped within it.
And this is where I think the Ministry of Justice has played a blinder. By urgently calling out for evidence from some of the usual suspects about the costs of compliance with the text as it is now drafted, we all ought be able to learn a few things when that evidence has been reviewed. It has asked for the evidence by 6 March, and hopes to publish the results on 4 June. So, start writing for England, folks!
But why 4 June? Well, remember, that day is a Bank Holiday, and it falls during a special four-day Bank Holiday weekend to mark the Queen’s Diamond Jubilee. It’s also the day after a specially constructed Royal Barge will lead the grandest river pageant for more than 300 years, featuring 1,000 boats and up to 40,000 people on the River Thames, which is expected to attract more than a million spectators.
So, what finer present could the Ministry of Justice offer our Monarch on 4 June than a specially bound copy of the results of the call for evidence? Come to think of it, if anyone is doing anything in the offices of the Ministry of Justice on 4 June, I’ll be awfully impressed.
Anyway, back to the plot.
I understand that the Parliamentary timetable, both in Westminster and in Europe, is a little light at the moment, so there will be some interest in making a start on the Parliamentary scrutiny on the text pretty soon. Actually, well before the river pageant that will mark the Queen’s Diamond Jubilee. Rooms and flights have evidently been booked for the first session of the consideration of the text by officials. And we know, thanks to the Commission’s timetable, which sets of officials will be responsible for running the meetings over the next few years. For the first half of 2012, meetings will be chaired by the ever so efficient bods from Denmark. Come the summer, they’ll hand over responsibility for steering the discussions to their colleagues from Cyprus. And, if there’s still lots to talk about, the sessions will be steered by the Irish team during the first half of 2013.
And, as far as the European Parliament is concerned, we know that the LIBE Committee will be taking a keen interest in the text, along with a couple of others who will want to ensure that their views will be fully taken into account.
So, if the legislative scrutiny is to start soon, I do hope that we will all have sufficient time to get our evidential packages together, so that these lucky scrutineers can fully appreciate the consequences of whatever it is they are scrutinising.
None of us want this project to fail. But we don’t want this to be a lost opportunity, either. Let’s see how we might achieve a desirable objective but without having to undergo some bureaucratic form-filling circus that simply crushes the spirit of well-intentioned data protection folk. Because as soon as you lose the support of the well-intentioned data protection officers who will be responsible for implementing most of this stuff, the sooner we might as well all pack up and go home. This nascent profession could be snuffed out at birth.
No self-respecting data protection officer is going to put up with putting themselves through hopeless rituals they don’t believe in. For that, all you need is a jobsworth with a sharp pencil. And you know how innovative that lot can be.