Wednesday, 14 November 2012

Losing it with the Regulation

We are, I fear, well past the stage where normal data protection officers can follow the current debate on the proposals for a General Data Protection Regulation. It’s easier to understand Google’s privacy policy than it is to fully comprehend just what is going on, right now. Where are the egg heads, with brains the size of planets, when you want them?

Every few days comes news that yet another interested group of well meaning stakeholders have submitted comments, or produced a report on the thing. And then you’ve got to read it. Or at least a summary of it, if you want to keep on top.

One of the more recent contributions was a report commissioned by the European Parliament’s Committee on Internal Market and Consumer Protection. Published in September (and 88 pages long), it contains a series of quite detailed technical and policy recommendations, many of which will result, if implemented, in the text being more comprehensive and even less accessible to data protection officers without professional assistance.

The key recommendations were set out in an Executive Summary, which itself is 6 pages long. The usual things were mentioned – along with a couple of quite bright ideas too. I’ll leave the link at the bottom of this blog if anyone’s sufficiently motivated to read a copy for themselves.

It was a shame, I think, that when the Committee met to consider this important issue, a number of other issues were also on the agenda – and these may have attracted more interest from the Committee members. They do work hard though – as well as reviewing this issue, agenda items that day included

• the transparency of measures regulating the prices of medicinal products for human use and their inclusion in the scope of public health insurance systems;
• harmonisation of the laws of the Member States relating to the making available on the market of pyrotechnic articles (ie regulating fireworks); and
• harmonisation of the laws of the Member States relating to making available on the market of measuring instruments (ie regulating rulers).

Compared with that lot, the item on harmonising data protection laws must have been a doddle.

Guess what?

I’ve been advised by a chum that following the public part of the recent Data Protection and Privacy Commissioners in Uruguay, a closed session was held, following which 3 declarations - on cloud computing, profiling and the future of privacy were issued. My chum has set me a task – which I now pass on to you:

In all these years of issuing declarations, I wonder if any data protection officer has ever cited them as authority to do or not do anything?

I must admit that I racked my brains and realised that I couldn’t remember having cited anything. Then again, I’m not one of the high priests of data protection. I like an easier life. But that’s just me. There must be plenty of folk who hang on their every word.

So, a special prize (an image of a data protection anorak) will be winging its way to the first of these folk who can offer me evidence that they have actually cited anything in any of the declarations that have been issued by this most important group of experienced regulators. In the event that multiple entries arrive in my in-box at the same time, the prize will be awarded to the earliest citation.

Please note that staff of said Data Protection and Privacy Commissioners are excluded from entering this competition on the basis that they, at least, ought to cite these declarations every once in a while.

Ready, get set, write.