Monday 24 September 2012

An invitation not to be refused

The letter has finally arrived.

No, I have not been offered an honour in recognition of my services to data protection. Only folk at Wilmslow ever get an honour in recognition of their services to data protection. But I have been offered the next best thing. Which is to become a member of a new advisory group, being set up by the Ministry of Justice, to discuss and advise on the proposed EU data protection Regulation.

I’m excited about this initiative – as I’m determined to ensure that whatever data protection regime we end up with, that its acceptable to individuals, companies and public bodies alike, all of whom have very compelling reasons for insisting on high standards. These standards can’t come at just any price, though. They have to be realistic, and they shouldn’t stifle innovation. Nor should they cause anyone any harm.

This brings my data protection career back to the early days – some of my early data protection memories as an official of the Association of British Insurers involved squeezing into small conference rooms at the (then) Home Office in Queen Anne’s Gate, advising Home Office officials on the implications of some of the wording proposed in the draft text that eventually became the current Data Protection Directive.

That office building, in Queen Anne’s Gate, has now been renamed Petty France. It’s been completely refurbished, and is now occupied by – yes, you’ve guessed it, the Ministry of Justice. So I’m really looking forward to returning to (probably) the same set of rooms where, some 20 years ago, I would have been discussing basically the same set of issues.

Life is a carousel.

What is also exciting, though, is a separate opportunity to do some really hard thinking with some chums on an issue which will certainly not be on any of these agendas, and it’s definitely not in the Panel’s terms of reference. But, it will be on most people’s lips in 2013. The issue is whether Britain will get its data protection powers back after the 2014 Euro referendum.

By 2013, talk amongst the data protection chattering classes may be of little else. The move towards a European superstate, on the part of some current Member States, will require some hard thinking about what powers will be returned to those Member States that decline to be full members of this superstate.

If I were a betting data protector, I would hope that plans would be hatched to ensure that a data protection regime fit for Britain could be swiftly implemented, should it become clear that ‘Blighty will not wish to be a full member of this emerging superstate, and that it will have the opportunity to make its own data protection laws.

Will that matter? If it means that the Brits can continue to develop a pragmatic and risk-based approach to data protection, it’s quite hard to point to any new harms that British citizens may suddenly become subject to. It’s also hard to think of reasons why standards might not become more transparent.

I can’t think of many sensible people who really want shoddy data protection standards. But I sense that there is a genuine debate about how much investment (in terms of people, policies and processes) needs to occur to improve standards in certain areas, and over what time period this investment should take. And, if the state is to invest in the improvements in data protection standards in the public sector, I would love to be involved in the public debate about how public sector resources should be reallocated from existing budgets to pay for a beefed up Information Commission.

Yes, it might well mean a beefed-up British Information Commission, but that may not be too much of a problem. We all need jobs – and if the private sector is facing difficulties creating new ones, then there’s no reason why the public sector shouldn’t invest in a few more enforcers. Actually, this ought (eventually) to increase the number of knowledgeable and experienced British data protection professionals. Soon, local data controllers will realise how useful it is to have someone who understands the issues on their own team.

Anyway, for the record, from now on I will not comment or blog on any aspect of the MoJ Panel’s work that is not already in the public domain, nor will I refer to any of the views expressed in private by any member of the Panel.