Tuesday 18 November 2014

Sleepwalking into a single DP regulatory authority

The arguments currently going on about the how citizens might expect their rights to be upheld by the "One Stop Shop" point in one direction – perhaps the only way to end the potential for bickering between the data protection regulators of each EU member state will be to impose a single regulatory authority on any EU country that wishes to remain within the EU.

As Europeans (generally) use the same currency to pay for their goods and services, then they ought to be able to use the same tools to protect their privacy rights, too.

This is probably why it has taken so long for agreement to be reached on who should next be appointed European Data Protection Supervisor, as I suspect that the endgame is for the EDPS to supervise a good deal more than just the European institutions.

Will this be a problem?

Certainly not for those who believe in the European dream, of a European superstate, headquartered in Brussels, with satellite offices in what will eventually become “former independent countries.”

This vision provides citizens with an equivalent layer of protection wherever they live. Their fundamental rights (whatever this actually means in practice) will be equally protected, regardless of whether an incident occurs in Cyprus, Poland or Latvia.  

And a single, mighty regulator, might start to be a match for the global data controllers, who might feel slightly more constrained in how they engage with European customers.

As Freddie put it:

One dream  One soul, one prize
One goal. One golden glance of what should be
It’s a kind of magic
One shaft of light that shows the way
No mortal man can win this day
It’s a kind of magic

(You get my drift)

Quite how plucky nationalists might respond to a single Data Protection authority is not clear. Will they be outraged at what they could perceive to be another loss of sovereignty? Another lump carved out of the subsidiarity principle? Or will they grudgingly accept that if rights are to be granted by a European Parliament to grateful European citizens, then they all ought to be able to exercise these rights in equal measure, regardless of the attitudes taken by their national Governments?

In the end, I suppose it depends on whether citizens feel more comfortable with their rights being upheld by someone they’ve possibly heard of (like the ICO), rather than a more remote set of officials who they will hardly ever get to see (even on TV) because of the huge territory they would be expected to cover. 

Just what is it we want from our regulators? Currently I sense there are a range of cultural approaches to the art of public regulation within Europe. 

Do we want someone who we can engage with, or someone who will just tell us that we’ve done wrong?

I know what I would like – but I also think I know what I’m more likely to get, should a single European regulatory authority emerge.

Image credit: