Three white papers have just been published which
ought to give the European Commission some angst, as it polishes its proposals
to reform European Data Protection law.
You should like them. At just 11, 7 and 10 pages long, they
are concise and pull no punches. Authored by Omer Tene and Christopher Wolf of
the Future of Privacy Forum, they are essential reading for anyone who tries
their best to keep up with the latest plans to amend the current Data
Protection Directive.
The papers do, however, contain a fatal flaw that might well
be used by those who hold different views to ensure that they are widely
ignored. But more about that later.
First, the papers.
A paper on the costs
and paradoxes of explicit consent concludes that there is a the need to provide
individuals with greater transparency and control over their personal data, but:
“By restricting organisations’ ability to rely on implied consent without at
the same time simplifying the ‘legitimate interest’ test, the GDPR elevates
form over substance. Much like the amended cookie provisions in the e-Privacy
Directive, this will result in formalistic compliance without delivering
individuals meaningful transparency and control. Consent should not be treated
as a one-size-fits-all model; it should be tailored to the context of a
relationship or transaction and tied to the sensitivity of the data as well as
the societal value of its use.”
A paper on the definition of personal data criticises the
binary nature of regulation – that regulation only applies when the specific
information fits the technical definition of ‘personal data’: “European law
should avoid a rigid distinction between personal and non-personal data based
on strictly technical criteria and divorced from the circumstances of data
collection, retention, and use ... The GDPD should introduce the concept of
pseudonomised data and give it credence by allowing the processing of such data
without consent. This would prevent organisations from pursuing a perverse
incentive to identify individuals strictly in order to comply with data
protection law.”
A paper on the jurisdiction and applicable law proposals
comments that the Commission’s proposals to extend their extraterritorial application:
“Constitutes a dramatic shift from a
country of origin to a country of destination approach, and portends general
application of the GDPR to the entire internet.” The paper argues that: “Overextension
of EU law to apply to the entire internet is excessive. Such a move will result
in a framework which is unenforceable and infringes upon principles of comity,
interoperability and international law.”
All this, from a
pragmatic perspective is common sense and ought to be supported. I’m looking
forward to attending a debate in Brussels next week where some of the Gods
of Data Protection will be present to debate this stuff.
Just how might
the opponents rubbish them?
Well, the documents do contain a flaw that could be fatal in the eyes
of their detractors. You see, the Future of Privacy Forum is a Washington DC
based think tank. Yes, it may be led by internet privacy experts Jules Polonetsky
and Christopher Wolf, and include an advisory board comprised of leaders from
industry, academia, law and advocacy groups. But, it is still an organisation
that has its roots in America. If it
really wanted to enhance its credibility within Europe, it should move its headquarters
from Washington DC to Berlin. Or Paris, at a push.
The mere whisper that all of this
common sense is coming from overseas, rather than from within the European
Community, ought be enough to ensure that the opinions and conclusions are ignored by the Sado
Dataprotectionists. [See my blogs of 8 and 10 November 2012 for a fuller
description of this sect.]
'Perhaps this is just special pleading from America, home to some of the greatest data protection offenders of all', the rumour will run.
'Perhaps this is just special pleading from America, home to some of the greatest data protection offenders of all', the rumour will run.
And that is a pity.
But I am looking forward to the
verbal equivalent of transatlantic data protection fisticuffs in Brussels next
week as the papers receive their first public debate. I am also looking forward to reporting on some of the
better soundbites.
Source:
http://www.futureofprivacy.org/2012/12/20/eu-roundtable-discussion-white-paper-launch/
.