Friday 13 September 2013

What’s happening with LinkedIn these days?

A couple of years ago, I thought LinkedIn was a “Facebook for professionals!” type organisation, with colleagues discretely keeping in touch whenever there was a pressing need. And it was a useful tool to understand what was happening within the employment market.

Today, it seems to be a different beast. I find it hard keeping up with stuff, mostly from people so keen to start a discussion that all they do is republish a link to an old article. Do they provide any of their own views on the issue in hand? Mostly not. So why do they bother?   

Possibly because they’re keen to ensure that others notice the news, or perhaps because they’re keen to get noticed as an “influencer” themselves.

And this is a shame, as it devalues the occasions when someone actually has got something interesting to say.

Also, I’m a little concerned that chum of mine from France keeps asking me to stop inviting him to link with me. Much as I respect him (and he is an extremely respectable professional), actually I don’t remember inviting him, and I’m not sure which of the many settings on LinkedIn I need to change to stop pestering him in future. His latest billet doux is still couched in friendly terms, but I dread to think what will happen if I'm still sending him invites this time next year:

“I’m getting regular invitations to join your LinkedIn network -- do you think you could try to stop these please? As I mentioned a while ago, it's nothing personal -- I just never join this sort of network or acknowledge the invitations in any way (as doing so encourages unsolicited emails from the network).”

If anyone knows how I can stop my foul behaviour, please do get in touch.

Even via LinkedIn.

I’ll read that one – I promise.


Wednesday 11 September 2013

218 days to save the Regulation

There are just 218 days to go until 17 April 2014, which is when European Parliamentarians hold their final sitting. Then, they pack up their bags and they go home. Some will do a spot of campaigning while they wait for the results of the European elections, which will be held between 22 and 25 May. 

Parliamentary business that has not been concluded will disappear. Work on new legislative proposals will resume shortly before Parliamentarians embark on their 2014 summer break.

Compare this time period with what has happened in the 595 days that have passed since Commissioner Reding announced “Ladies and Gentlemen, we have done it”. What had she done? Well, on 25 January 2012 she had unveiled the draft Regulation, containing that infamous set of proposals for a comprehensive reform of Europe’s data protection law. Now, how many hours of debate have we actually seen in the Chamber of the European Parliament on this issue in the past 595 days? Or in the European Parliamentary committee rooms?

I do pay tribute to the long, long hours spent by so many public officials in private sessions trying to thrash out a text that meets the needs of citizens. I’m not suggesting for one moment that they have not worked sufficiently hard or with sufficient determination. I understand that, during one particularly fraught set of negotiations, one delegation arrived in the meeting room complete with a camp bed to demonstrate their dedication to the cause.  (Or it might have been to protest at the long hours that they were putting in - I was laughing so loud at the first part of the tale that I didn’t hear the end.)

So much had been done – but there is so much more that needs to be done, too.

So I ask you – is there really sufficient time in the next 218 days for the European Parliament to comprehensively review the proposals, agree on amendments, discuss their suggestions with the version currently under consideration by the Governments of Member States, and pass legislation that will bind a generation of European citizens to a new data protection law? 

Given what we know of where the negotiations are?

I don’t think so.

But perhaps, like Baldrick, the Commission has a cunning plan.

Perhaps the plan (like one of Baldrick’s) is to invent a time machine that will take us back to 26 January 2012 so that the European Parliament will have another 813 days to work out what to do.

Or perhaps the Commission will rush proposals through the European Parliament to change the current Gregorian calendar to introduce a new way of measuring time, one where legislative proposals can be considered in a time warp of their own.

Or, as a diversionary tactic, perhaps it’s time to admit that this version of the Regulation isn’t going anywhere, but there is a little device called a Directive that might stand a chance of making its way into law – because, with Directives, Member States can ignore the bits they don’t like exercise their own margin of appreciation over the way the rules will be implemented and enforced in their own country.

When will we be told that this draft is a gonner?

I’m reminded of the wonderful verse in “Paradise by the dashboard light”

Before we go any further. Do you love me? Will you love me forever? Whats it gonna be boy? Come on...I can wait all night... Whats it gonna be boy... yes or no?

The first European Commissioner to publicly announce that this measure isn’t going to be getting anywhere will certainly be getting my vote come the next elections.

So how will we feel when news of the demise of the Regulation, to be replaced by a Directive (at some stage in the future) finally comes through?

As Meatloaf might have put it:

We couldn't take it any longer, Lord we were crazed
And when the news came upon us like a tidal wave
We started swearing to our God and on our mothers’ grave
We’d love the EU to the end of time
We swore we’d love the EU to the end of time

I gratefully acknowledge the inspiration from James Dixon Barnes, who wrote a similar ditty for Meatloaf.

Image source:


Tuesday 10 September 2013

Hooray for the ICO’s new PIA

Life as an international data protection consultant can have its drawbacks. 3.30am starts, queues at the airports, and working out how to pay the charge as the hire car drives through yet another automatic toll barrier. 

But it also has its benefits. Hotel meals, meeting people for the first time, and (yes even) explaining to new colleagues that, at least in the UK, the ICO has given some thought to the issue at hand and has published some helpful guidance on its website which can lovingly be copied and used, as it (mostly) is in line with that country’s data protection rules, too.

As I go about my business, I sense that what people are still generally after is practical guidance on how to comply with the basic data protection rules. 

My international work has recently focussed on how to craft Privacy Impact Assessments.  To that end, I’m immensely grateful for some new stuff that’s on the ICO’s website. A draft Code of Practice is currently under consultation, and I’m pretty impressed with what I read.  

The previous guidance was, putting it politely, not an easy read.  Much was written by academics who, while no doubt absolutely brilliant in their own worlds, found it hard to craft a text which connected to people who lacked lofty educational achievements.

The new guidance is much easier to read. Perhaps the Plain English Campaign has already reviewed it.  I’m a great supporter of the Plain English Campaign.  I met the campaign’s founder, Chrissie Maher in the early 1990s, when working for the Association of British Insurers. I was involved in a project which offered guidance to insurance companies on what was required of them following the implementation of the Unfair Contract Terms Regulations 1989. (Linked with that project, I also remember speaking at a number of events where an official from the Office of Fair Trading was speaking, explaining to the audience what the OFT’s views were. That official was Richard Thomas. But that’s another story.)

Anyway, back to the plot.

The new draft Code from the ICO also commends a much easier way to complete a PIA – which can only be good news to those of us who do them.  Perhaps more thought has been given to the type of people who are currently Data Protection Officers. Not all are qualified solicitors, or even graduates. Many are people whose education was completed at  an earlier stage, and so it is all the more important that the ICO commends a process that can be understood – and followed – by someone who lacks professional data protection qualifications.

I’ve been trying it out in foreign parts. I’ve tweaked it slightly, but for me, it works. I’ll be explaining the ICO how I’ve tweaked it when I respond to their consultation – the deadline for comments is 5 November - but meanwhile I do encourage people to try it out and to see if it works for them.

The Trilateral  research and consulting group recently published some authoritative work on PIAs, including a 523 page book that can be bought (soft cover version £35.99) and a 267 page research report that  is available from the ICO’s website and can be downloaded for free. The really key finding is the lack of PIAs that have been carried out. 

Hopefully, the ICO’s simpler methodology to crafting one will be more eagerly adopted by us data protection professionals, and more PIAs will find themselves in the public domain.