If the proposals in the General Data Protection Regulation continue
in their current vein, the Information Commissioner’s Office may lose it's
ability to fund it's data protection work by means of registration fees from
data controllers. So, discussions on how
to fund the ICO in future must be going on behind closed doors. If there is no
requirement to register, the ICO won’t know who to recover a fee from. Try as I can, I don’t see much evidence of a
public debate going on about alternative funding streams for the ICO.
So, perhaps it’s time to start one.
My cunning plan, for what it’s worth, is to work on the
premise that if a decision is taken to change the regulatory framework by means
of a Regulation, then the responsibility to fund the regulators should be
transferred to the European Commission. The ICO can remain an agency
independent from the British Government, but funded directly from Brussels.
This frees up what is probably a Mexican standoff between
the ICO, patiently explaining what resources are required to enforce what are
evidently EU-determined “fundamental rights”, the Ministry of Justice, explaining
that it simply hasn’t got enough money, and the European Commission, expecting common data
protection standards to emerge within the EU.
Such a proposal could ensure, to the extent that regulators
are expected to regulate a Regulation, that they all have equivalent resources
to carry out this important work.
The European
Commission, of course, might insist that it could not possibly take on such a
great financial burden - although, to be frank, it does seem to be the case
that almost every EU Member State is reducing national budgets faster than the
Commission.
If, on the
other hand, a decision is taken to change the regulatory framework by means of
a Directive, then the European Commission must accept that Member States have a
right to decide for themselves what funds should be made available to
regulators, bearing in mind other pressures on national budgets. And yes, this
will lead to an uneven state of funding, and (probably) an uneven state of data
protection compliance.
But is there
anything wrong with an uneven state of compliance, given that the economic
conditions in Member States are also so uneven? Why should data protection be
given priority in countries that are dealing with huge social problems brought
on by economic circumstances?
To suggest,
for example, that data protection funding in Greece should be given priority
over funding for Greek pensions or Greek healthcare is surely absurd.
The Article 29 Working Party recently
suggested that: “To ensure all DPAs are sufficiently equipped to perform their tasks, the budget
of a DPA should be based on a fixed amount to cover the basic functions that
all DPAs have to undertake equally, supplemented by an amount based on a
formula related to the population of a Member State and its GDP and the amount
of main establishments in that Member State. In addition, the Working Party
feels DPAs should be enabled to be selective in order to be effective. They
should be able to define their own priorities and to start actions, such as investigations,
on their own initiative, notwithstanding the obligations regarding cooperation,
mutual assistance and consistency according to Chapter VII. Therefore, to
ensure DPAs and the European Data Protection Board can effectively carry out
their duties it is necessary to provide clear rules on issues such as budget,
equality of powers, the margin of discretion for DPAs and how the mutual assistance
and the consistency mechanism are to be put to practice.”
So, not only
does the Article 29 Working Party want funding based on a fixed formula, they
also want the discretion on how the money should be spent. There is no mention
on whether funding should be from central or local sources, though.
Well, at
least they are trying to start a public debate.
Let’s see
who fancies joining in.
Source:
Statement of the Working Party on
current discussions regarding the data protection reform
package, published by the Article 29 Working
Party, 27 February 2013
Image credit:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQK4Nhb5rO4AGjghep8QoTeAFyIvGIbzQ7-CbN7keff0BW5Fy_UXP2cyixFapZu-g6ssFnHr7gP8XqzUZO0wDhfQjxhbsb-3-fh0FSwL0g1egmnKAuPKcmfx8lKMwv6D9fAL9_HXaqeZbf/s1600/SavingsPig_Full.jpg
.
.
Posts
