Tuesday 31 December 2013

My (unreliable) data protection predictions for 2014

The success of last year’s predictions (see my blog dated 31 December 2012) has inspired me to try again.  While a few were wide of the mark, others were spot on. Can my predictions be as reliable in 2014? Only time will tell.

BBC choirmaster and broadcaster Gareth Malone OBE contacts the ICO chorus to ask if it is interested in TV special, and a concert supporting Susan Boyle during the Malaysian leg of her 2014 world tour. Information Commissioner Graham accepts the offer, realising it’s the only way he’ll get the funds to travel to the International Data Protection Commissioners Conference in Mauritius in 2014.

Emergency budget restrictions implemented at the ICO cause BT to cut off all telephone and internet lines to the ICO’s offices in Wilmslow due to non-payment of phone and internet bills. Problem noticed and resolved within 18 working days.

Roof falls in at the ICO’s annual conference in Manchester after thunderous applause greets a short speech from Information Commissioner Graham explaining what he really thinks of the soon-to-depart European Commissioner Vivien Reding.

Deputy Information Commissioner David Smith announces that, as annual staff turnover is now at a record 45%, to provide continuity of data protection guidance, he will commit himself to remaining with the ICO until his 94th birthday.

Commissioner Graham summoned to the House of Commons Home Affairs Committee to explain why the roof of the Manchester Convention Centre fell in while he was speaking last March. ICO ordered to pay the cost of the repairs.  ICO announces that it will do so by cutting the number of enforcement staff employed to fine public authorities for data protection breaches.

ICO announces that new budgetary restrictions mean more changes will be made to the procedure for registering DPA complainants. To ensure that complainants receive an even more attentive and personal service, complaints themselves are required to attend the ICO’s offices in Wilmslow, Cardiff, Edinburgh or Belfast in person to register their complaints. Emails containing complaints or copies of documents are no longer considered acceptable and will not counted towards the ICO’s statistics which show how it deals with complaints in a timely manner.

Guardian Newspaper publishes more revelations from Edward Snowden and the NSA. Information Commissioner Graham has evidently never been of sufficient interest to the British or US authorities to require the Home Secretary consider signing a warrant to intercept his private communications.  

Information Commissioner Graham summoned to the House of Commons Home Affairs Committee to explain why he was never considered sufficiently important to require scrutiny from the intelligence services. Commissioner Graham explains (yet again) that data protection is a bit of a Cinderella subject that very few people take seriously, which is why hardly anyone has complained when so much of his 2013 – 15 operating budget has been cut, and why so few national honours have ever been awarded for services to data protection. Evidence session brought to a prompt close to provide enough time for the next set of witnesses, who are to be questioned on the social menace of dog fouling along Frinton seafront.

Grand gala concert for the outgoing European Commissioner Viviane Reding in the European Parliament celebrates her many triumphs. The event is interrupted by a section of the audience who roundly boo the ICO chorus, not because of their vocal abilities, but because they are accompanied by the UKIP orchestra. Order only restored when Commissioner Graham and Viviane Reding sing a tender duet together. 

The incoming European Commissioner whose portfolio will include Data Protection (some politician from Denmark, Malta or Norway) explains that the Commission is now keen for the current Data Protection Directive should be replaced by a slightly revised Directive, rather than a complicated Regulation, to enable each EU Member State to be as beastly as they want to Apple, Google, Facebook, Microsoft, Twitter, and Yahoo!.

The International Association of Privacy Professionals announces changes to its daily news feeds. Such is the incessant data protection noise from all parts of the globe that its daily digest will be replaced with an hourly digest, bringing details of all those great seminars and webinars that people can register to attend (and for such reasonable fees). Monthly IAPP conferences are announced in every continent, causing many other data protection conference organisations to cease trading.  The European Commission criticises the IAAP’s international privacy certification scheme, arguing that it is not sufficiently focussed on local privacy rules.

A lucky data protection oik receives a letter from the Lord Chamberlain’s Department, explaining that if they’re everso good then HM Queen might be minded to award them a gong in recognition of their services to data protection. Said oik is then asked, if the award is forthcoming, whether they might kindly reconsider their previous announcement to retire from the ICO on their 94th birthday.

Image credit:


Saturday 21 December 2013

With seasonal greetings

This is the penultimate blog of the year. The final blog, to be published on New Year's Eve, will look forward to what may be the most significant developments of 2014.

For me, my perspective on personal data continues to change. As an independent consultant, I continue to take an evenly balanced view on the needs of the data controller and the individual.  But, I’m also becoming quite aware of which sectors of the economy “get” data protection, and which sectors become ever harder to convince that this personal data malarkey (or the threat of regulatory action from the regulators in Wilmslow) actually means very much.

The focus from Wilmslow, of budgets being tightened, and more and more being required for less and less will, I fear, end up with even the ICO’s supporters querying how it can begin to achieve its statutory objectives with the income it has been granted.

Perhaps someone will devote some time next year to disentangling some of the parts of the ICO’s job description. What can be done more properly by an Information Ombudsman (Like, say, the Financial Services Ombudsman)? Ombudsmen tend to deal with specific complaints, and they don’t tend to have the time to see whether structural changes or reforms are required across industries. A newly constituted Information Commissioner could easily lose (or dispense with) his complaints and enforcement arms. This might leave the ICO with tasks that are more strategic and can be dealt with by a Commissioner with the size of staff that most British Commissioners have. [The Surveillance Commissioner, the Surveillance Camera Commissioner, the Interception of Communications Commissioner, the Forensic Services Commissioner, the Children’s Commissioner – even local Police & Crime Commissioners together don’t have the resources the ICO has]

Perhaps someone will devote some time next year to working out what training needs data protection officers require, and how these can best be delivered. Or will everyone just sit back and wait for the IAPP’s certification programmes to wash over the world? And allow the British Computer Society’s data protection ISEB exam to fade away because it’s actually pretty hard to pass?

And, perhaps, a few more companies outside the financial services sector will realise that this data protection malarkey is quite important, and that responsibility to addressing the relevant issues had better not be devolved too far down the management chain.

But none of these will feature in my 2014 predictions list. No, that list is far more fanciful.

Thanks for reading this blog during 2013 – and for your very helpful comments during the year.

Happy Christmas.

Image credit:

Tuesday 17 December 2013

NSA: Data Protection Villain of the Year 2013

Well, who else could it have been? The Crouch End Chapter of the Institute for Data Protection was faced with an overwhelming case to declare America’s National Security Agency to be its  Data Protection Villain of the Year.

What other institution has done more to make people appreciate the potential potholes of large data capture programmes? Has any other institution so quickly united global regulators in fury/impotence/admiration of what they have been alleged to have got up to?

Is there any other institution that has found it so hard to explain to citizens journalists just what data processing is necessary for the purposes of safeguarding national security? To all intents and purposes, it has evidently not yet won the argument. While vast swathes of the population admittedly do not care less, one vocal section of the community has become very engaged in what they see as a fundamental betrayal of their human rights. They’ve very angry, and are applying all the levers the American Constitution can offer.

Is there any other institution that has failed so spectacularly to keep data secret? If we ever needed evidence that data “in the wrong hands” is a toxic liability, then here it is.

Finally, is there any other institution that has caused the national intelligence agencies of other countries to fear that the public may soon focus on what those intelligence agencies might also have been getting up to? Or caused the cloud computing providers of America to fear that their global expansion plans have really hit the buffers?

I rest my case.

The award will take the form of a chant, to be sung softly, by candlelight, by the ICO chorus at the beginning of next week’s data protection carol service in Wilmslow. I understand that the chorus is still working on the tune, but the words will be:

Make us atone for causing data mayhem
Make us feel the wrath of Commissioner Graham

We’re no saint – we are truly a sinner
Pack us off to bed without any dinner

Punish us in ways that are most effective
Beat us on the bottom with the Data Directive

Fine us till our bank balance is zero
Cummon, do it, be a regulatory hero

Show the rest who is the best
At hurting those who’ve just confessed

Make us squeal- we ain’t no fools
We deliberately broke them data rules

Now tell us - what on earth can you do
To stop us from breaking them rules anew?

Your punishments are so petty and frugal
You don’t scare us – we’re so much greater than Google

Absorbing global data night and day
Give it up for the NSA


Saturday 14 December 2013

John Bowman: Data Protection Hero of the Year 2013

Last night’s meeting of the Crouch End Chapter of the Institute for Data Protection focused on one main issue – that of nominating its Data Protection Hero of the Year. The winner was unanimously declared to be John Bowman of the Ministry of Justice. Why? In honour of his outstanding service to the country as lead negotiator, overseeing UK negotiations on the European Commission’s data protection proposals.

John was appointed Head of EU and International Data Protection Policy at the MoJ in November 2011. He had completed a review of Claims Management Regulation, and previously led MoJ’s engagement with Muslim communities on raising awareness of domestic and matrimonial law.  He also headed the UK delegation to the 2011 Special Commission on the practical application of the Hague Conventions on international child abduction. So he is well versed in addressing the needs of a diverse range of stakeholders.

John’s award will (hopefully) take the form of an anthem of praise, sung to him by the ICO chorus. The date and venue of this remarkable presentation has not yet been determined, but with luck it will be captured on You Tube. The ICO chorus is still working on the tune. The words of the anthem, however, are likely to be:

Let us praise
Above them all
Our man from the MoJ
Who still walks tall
He’s a star
He's going far
What devotion
Midst this commotion

Many months, nay years
Of sweat and tears
So much time and so much travel
(Will this bloody Reg unravel?)

John’s our saviour
Wants good behaviour
At a cost all can afford
He’s pragmatic
Not dogmatic
Consensus not discord

There is no one
Like John Bowman
In the DP world today
He’s the master
And thinks faster
Knows what the Minister will say

What class
Nerves of brass
Overcomes any impasse
Good suits, great ties
Well judged replies
No flashy showman
All hail - John Bowman!

The Crouch End Chapter also awarded its Data Protection Villain of the Year prize last night. Details of that recipient will be announced in due course.


Thursday 12 December 2013

In the cold presence of pure evil

Have you ever had a paranormal experience? En route to Tuesday’s meeting of the Data Protection Forum, I encountered a scene where all my senses told me that I was in the presence of pure evil. I stood, transfixed to the spot, while what I can only describe as the spirit of the devil passed by.

I’m not making this up. It was 9.15am, and I was walking along a busy Blackfriars, some 50 yards from the Old Bailey. I heard the sound of police sirens. Four police vehicles helped two prison vans ignore the usual traffic restrictions and make speedy progress past me. Then, in a well rehearsed manoeuvre, the police vehicles blocked the roads, another dozen policemen appeared as if out of nowhere, automatic weapons were on full display, and the unseen occupants of the vans were driven more slowly into the body of the court building itself.

The police were on maximum alert, as if expecting an armed ambush at any moment.

Everyone was told to stay just where they were. And we waited, for a few minutes, as the vans disappeared into the Old Bailey. Silence. No-one spoke. And no-one objected to the momentary intrusion on their right to walk along the Queen’s highway. Many of us sensed who was in the vans, and that was enough to convince us that we should stay where we were for the time being. It was quite unsettling.

Then, without a word but with a series of gestures, the police melted away, and we were free to walk once again along the pavement.

I had not seen such a heavily armed (and impressive) police escort for a long time. But then again I had never before been in the presence of the two people who were being tried for the murder of soldier Lee Rigby. 

Was it necessary for the state to put on such a mighty (and theatrical) show of force?

I’m not sure, but it certainly did the trick for me.

I didn’t mind momentarily giving up my human rights to walk wherever I wanted, to ensure that the accused pair could be safely delivered into the body of the court.

Just as I believe that many people don’t mind giving up their human rights to have their communications retained for a short time, in case it becomes necessary for a British investigator to seek legal powers to access them in the event that they get caught up in some terrorist plot.

When you’ve felt the cold presence of pure evil, your perspectives change.

Advance Notice:
Readers who are interested in such stuff might want to know that David Anderson QC, the Government’s Independent Reviewer of Terrorism, will be speaking at the Institute of Advanced Legal Studies on 24 February on “Scrutiny of terrorism laws: searchlight or veil?” In light of what we now understand the NSA to have got up to, it promises to be a really interesting session.

Image credit:
This is the scene, as captured by the great photographer Terry Scott, when the accused pair Michael Adebolajo and Michael Adebowale arrived at the Old Bailey the previous week, on 2 December.