Earlier today, I joined the throng of data protectors clamouring for a good seat in Westminster’s Central Hall, where a healthy smattering of the usual suspects had assembled for the launch of the ICO’s latest annual report.
For some of us, it was to be the second time we had heard Christopher Graham today. The first time was before breakfast, live on Radio 4’s “Today” programme, where he was asked to comment on whether ‘data protection’ prevented the Quality Care Commission from naming senior managers apparently involved in a decision to destroy a QCC report criticising its inspections of University Hospitals of Morecambe Bay NHS Foundation Trust, where a number of mothers and babies died. No it doesn’t, in case you didn’t already know. And last night, just before bedtime, Jeremy Paxman had been praising his wise pronouncements on the same issue on BBC2’s “Newsnight” programme.
Now, he was with us in person, complete with a whizzy Prezi presentation that really puts my trusted Power Point slides in their place. No lights, smoke, mirrors or a platform. Just an hour of explanations about how his office enforces, educates, empowers, enables, encourages, and is both effective and efficient . Yes, this was an “E-Annual report”. Parliament got the only printed copy. The rest of us will henceforth rely on the electronic version (or a pdf document which is available from the ICO’s website).
What did we hear that was new?
“We are not an arm of Government” quoth the Commissioner.
“But you are an arm of the state” mumbled a member of the awkward squad, seated nearby.
“Local government is making a pig's ear of data protection at the moment” quoth the Commissioner. (Presumably he was referring to the amount of enforcement action that had been taken against wayward local authorities, but no-one asked him just what he meant.)
“2013 will be the year that organisations realise the commercial imperative of handling customer data properly” quoth the Commissioner. Well, let’s hope so.
Private discussions among many guests before and after the main event focused on the prospects of a Regulation being agreed by the European Parliament and the Council of Ministers by this time next year. According to my (occasionally reliable) source, it seems that a deal is being hatched that might just about get agreed by our political masters. But, if the European Commission really is determined to get a Regulation next year, then it is likely that the only Regulation that could be agreed would be a simple instrument that introduces a European Data Protection Board, to better co-ordinate the work currently carried out by the Article 29 Working Party. Everything else (which means all the contentious stuff) will need to be put off for another time.
So, If European Commissioner Reding wants to stand on some podium next year, as she did last January when launching the document containing that bunch of words cobbled together to form the text of the draft Regulation, to proclaim once again “Ladies and Gentlemen, we have done it,” then the only thing that might have got done is the thing that many of us didn’t express much of an opinion on, anyway.
Over lunch, another commentator mused on the way the data protection community was poised to shoot itself in the foot. Here is a great example of a wide range of people who essentially want to do good, but being incapable of agreeing what “good” actually meant, they sadly explained.
As far as I’m concerned, the near hysterical atmosphere in which “negotiations” are currently being carried out, with some stakeholders playing to the gallery rather than intent on reaching a deal, really makes me wonder how differently a new round of discussions will need to be managed for there to be any chance of success next time, either.
Perhaps new faces are required at the negotiating tables.
Perhaps, too, I had better start crafting a lament about the demise of an unloved, fussy colleague.
I’ll call him Reg.