Saturday, 23 June 2012

Best data protection quote of the week

There can only be one winner for my latest “best data protection quote of the week competition”.

It is awarded to Phil Jones, who is currently a special advisor in Promontory’s global privacy and data protection practice in London. Almost everyone who is anyone in British data protection will have benefited from Phil’s advice – for it is he who spent 20 years at the Information Commissioner’s Office, playing a key role in the authoritative practical implementation of British data protection law.

What he has to say matters. It mattered then and it still matters. So it’s especially important to listen when he speaks about the draft Regulation.

Phil was a panelist this week at a conference organised by PDP, held at the impressive offices of SNR Denton in Central London. He referred to accountability as a excellent data protection principle, but stressed that the European Commission, by proposing that all data controllers adopt overly bureaucratic structure to demonstrate just how accountable they were, were weakening the very principle the Commission was trying to promote.

The levels of detailed prescription in the draft Regulation, together with the reserved powers for the Commission to impose more detailed requirements on data controllers, comprised: “an awful attempt to impose harmony through prescription. It undermines and makes it very difficult to sell the reason for doing it.”

I absolutely agree.

I can understand the desire for policymakers to make policy. But they have to have more than half an eye on the practicalities of implementing the policy. In the regulatory culture I have been brought up in, new data protection policy is not something you can wave a magic stick act and assume that everyone will follow whatever whim passes through Parliament (or the Regulator’s offices). Politicians – and regulators - need to think how they can woo their audience of data controllers, not tie them up with obscure rules and red tape, especially if they intend to develop long lasting relationships with them, based on mutual respect and trust.

I fully understand that the regulatory culture may be different elsewhere within Europe. And that in some countries, people prefer to be told precisely what to do. But that doesn’t work in ‘Blighty. If British citizens react so vigorously against the concept of ID cards, I really don’t think that British enterprises will take that readily to an over complex system of requirements, controls and audit tools.

Let’s refocus the debate back to transparency – and to fairness. And let’s continue to ensure that whatever data controllers do, they would always feel comfortable explaining it to the mighty Jeremy Paxman on BBC’s Newsnight programme, if they were ever required to do so.

Image credit: