Sunday, 8 December 2013

Enough, please. No more laws.

The latest publication to prop up a proper Data Protection Practitioner’s bookshelf is Baker & McKenzie’s Global Privacy Handbook. This remarkable work, comprising 586 pages, explains the data protection laws of 42 countries. The structured format helps the astute researcher to easily find what they are looking for, while a handy “emerging issues and trends” section in each country helps the reader appreciate that privacy remains deeply embedded into national cultures. Here is proof, if you really needed it, that one size does not fit all.

One of the best things about the book is that it’s free. And it tells most of us all we really wanted to know about data protection in countries other than which we specialise ourselves.

But what else do I take from a book like this?

The political impossibility of agreeing single set of simple global privacy rules (at least in my lifetime) is laid bare here. Local regulators have too much of their own home turf to protect. There is no uber regulator that is capable of exercising the authority required to force everyone to toe the line. There is no shared agenda. To many regulators are focused on local issues.

Instead, we will continue to see the development of regional groups of regulators, most of whom will be on their best behaviour when they meet to discuss issues of mutual concern, but with a tacit recognition that each regulator has the right to throw a hissy fit in the event that local cultural needs conflict with the cultural needs of others.  

But, fortunately, all is not lost. For the regulators are also, to a considerable extent, pragmatists. They know when to turn a blind eye to the odd dodgy data protection practice when it suits them. In a world of ever diminishing regulatory resources, they too have to be selective to be effective.

And the few truly global data controllers (we all know who they are) aren’t that dumb either. They will continue to be influenced by the howls of protest from the various sections of their customer base.  They will continue to be world leaders in terms of transparency (and increasingly security, masking data from all Governments other than their own). And they will increasingly invest in data protection, providing shining examples to the lower divisions of data controllers for whom managements struggle to provide anything like adequate resources.

Does it really matter that there are no global data protection laws?

In a world of so much global poverty and conflict (a lot of which sparked by forms of religious fundamentalism that I fail to grasp), I have to say that it wouldn’t be the highest item on my agenda, if I were appointed Secretary General of the UN.

In my quest to reduce the anomalies of global data protection rules, I would focus on those that were created more for reasons of national protectionism rather than free trade. Fortress Europe cannot be the way ahead. But neither can the Wild West approach practiced by an awful lot of cowboys.

I’ll have more to say on this subject when I’ve had time to think more carefully about what sort of ICO I would like to see in a few years time. Against the backdrop of a funding crunch, which services ought to be preserved? And which services deserve to be sacrificed – not because they are not important, but because they are not important enough?