Tuesday, 6 March 2012

I’m a DPO, get me in here!

The 500 lucky winners of this year’s “Get a place at the ICO’s Annual Data Protection Officer Conference” competition assembled today at the Palace Hotel in Manchester to celebrate their good fortune. And also to attend the ICO’s conference. Who needs to travel be among a cast of thousands at an international privacy event in Washington DC this week when the ICO can lay on such a magnificent event – free of charge – for those of us who need some support and assistance in ‘Blighty?

How best to describe the Palace Hotel, Manchester? Think of a Victorian version of Hogwarts, with steps (I didn't manage to find the lifts) leading to lots of floors and hidden spaces, many of which were tastefully decorated in brown and green porcelain tiles. You’ve just about got it. Spookily, “Oliver Twist” was playing at the Palace Theatre just across the road. Fagin would have felt at home in either venue, today.

But, what a great place it was to assemble some 500 souls who were most concerned about British data protection issues. And how amazing to think that there was a waiting list of a further 500 applicants who didn’t make the final cut. It really is reassuring to appreciate that there are so many people who want to apply the rules with such dedication. They wouldn’t have been there, or wouldn’t have applied, if they weren’t.

And, also, how great it was to see at the event so many bods from the Commissioner’s Office in Wilmslow, just up the road. Occasions like this really help reinforce a spirit of shared values and determination. The ICO has worked really hard to maintain a good working relationship with concerned individuals and data controllers, and it is nice to take opportunities like today to acknowledge that most people’s minds are in the right place, even though no-one can be perfect all of the time. But so many of us care, and that’s what matters.

It was so refreshing also to hear the message, from delegates and from many of the ICO officials who spoke during the workshops, that what we really need to focus on is outcomes, rather than procedures. The theme was first evoked by the keynote speaker, Francis Maude, Minister for the Cabinet Office. He characterised the current internet revolution as “an irresistible and unstoppable force.” And, in what he termed as “an immensely constrained fiscal environment,” he appeared determined not to allow data controllers (and especially those who wanted to share data for legitimate business and public purposes, to be hampered by outdated practices: “An overly restrictive environment will restrict our ability to innovate.”

While he also pointed out that the law should not be obscure, nor unclear, I sensed that he was not mightily impressed with all of the plans that the European Commission had recently announced in their plans for a General Data Protection Regulation. The draft text of his speech is available here.

If I were a betting data protector, I would bet that we Brits are really ready for a fight on some of the more prescriptive provisions in “that” Regulation. And I would also bet that a number of British Parliamentarians are going to be mightily unhappy when it dawns on them that, in a an age where reputations (and newspapers) have been lost through poor privacy practices in Britain, it is madness that the British Parliament is to be neutered when responsibility for so many things data protection are transferred from Westminster to the institutions in Brussels. This cannot be right.

I also overheard, in the margins of the meeting, gossip that one of the first Council meetings to review the proposal didn’t go as well as the Danish hosts might have expected. Despite carefully laid plans to ensure that the attendees got through a certain proportion of the text, delegates insisted on speaking their minds, rather than keeping to the timetable. So, progress was not as made as quickly as planned. If they don’t start curtailing official debates soon, all bets will be off that the gestation period will be merely 18 months.

But, delegates at today’s conference were very careful not to make any political points, nor was there any public criticism (from ICO officials, anyway) about the current legislative environment. This was not the day to discuss such sensitive matters. Instead, today was the day to discuss ever more innovative ways of getting it right.

In terms of delegate numbers, the runaway success of this conference series is truly astonishing. Perhaps it’s because it’s free, so public sector DPOs have no reason to be denied attending on internal budgetary grounds. It’s getting so large that the ICO should consider using the main conference hall in Manchester’s GMEX centre, soon. And that is a wonderful way to celebrate that we Brits are serious about getting this data protection stuff right, even though our ways of doing things aren’t always the ways that our colleagues in the Commission would prefer.

We Brits don’t need to rely on complicated forms prescribed by clever Eurodataprotectorcrats to try and get it right. We pride ourselves in preferring to rely on our own ingenuity and pragmatism to deliver culturally acceptable, good privacy practices.

Anyway, let me end by sending my best wishes to those folks currently en route to Washington DC for the International Association of Privacy Professionals’ bash. I do hope that your event is as entertaining – and as productive – as this one has been.