October 20, 2014

Data Protection: The Times They are a Changing, Slowly

As I write this, the identity of the new EU Commissioners with responsibility for IT-related matters remains uncertain. But it is pretty clear that Anders Ansip will be the lead for the Digital Market and it has also been made abundantly clear that one priority for the three new Commissioners with digital responsibilities is getting that pesky data protection reform package agreed.

I have some sympathy with the pedants who might be tempted to point out that having more than one priority means that nothing is truly a priority at all – it is just that some things are considered more important than others. And I have even more sympathy with the view of the hard-headed and weary who would point out that ‘wishing don’t make it so’ or waffle about beggars and horses. But while there was a time when the data reform package was mired in the mud and seemed quite likely to stay there while various nations argued about how best to pull it out, there is a palpable sense that ropes are being tied to carthorses and shoulders will be put to the wheel and it is about to resume its progress. As I hoped many months ago, the Google Spain judgment and the whole right to be forgotten furore have had a positive effect in adding just a little urgency to discussions.

So, six months from now, we might well have a new Directive/Regulation. And in 2017 we may have new rules. Well, whoopy do. At blinking last. (And who will be surprised if a number of Member States don’t meet the target for implementation?)

The sad fact of the matter is that the problems that the new rules will be addressing are the problems of today not 2017. In fact, that’s an optimistic analysis. Since most of the drafting was done some time ago, it was based on the problems of 2010 or 2012. We are probably just going to see the more recent problems glossed over or, at best, ‘solved’ with a bit of filler and a lick of paint.

It is a real credit to the drafters of the EU and UK legislation that underpins the current regime that, despite the occasional creak and overheating, the data protection machine is still in working order. So much has changed. I don’t think I am likely to be considered especially prescient when I suggest that a lot more will change by 2017. Many think that the new data protection regime is already outdated and that the rapid take-up of privacy invasive technologies will make it irrelevant before it is implemented. I think that underestimates the drafters’ skills and the efficacy of the statements of principle that are the foundation of data protection. But, given that this change has been so long in the making, I ask whether the lead-in time is really necessary or appropriate. Is there any solid reason why we cannot see the new regime enshrined in UK legislation for implementation in early 2016? I am not suggesting a DRIP-type rush through Parliament; of course we have to allow for proper debate and give business some time to adjust but do we really need to wait until 2017?

Can we really contemplate discussing the right to be forgotten in the context of the Google Spain judgment for another two years? It feels like 10 already.

My message to the Mr Ansip is this: Let’s get a move on. And, more important, let’s require Member States to do the same.

Name Change

At the recent and highly successful SCL Conference, SCL Trustee Anna Cook floated the idea of a name change for SCL. SCL Chair Roger Bickerstaff has since asked members for suggestions in his monthly e-mail to members and in a matching blog post.

I embrace change rather as I embrace porcupines (one of my less frequently indulged perversions). And in an industry where one lead player is called after a fruit and another after a river and when pretty well all the big law firms are called after people who are dead (and perpetually turning in their grave), I am not sure that what you are called really matters, provided that ‘SCL’ is a recognised brand. But, given that my straw poll suggests that many members don’t know what SCL stands for (to be fair, it is the ‘for’ and the ‘and’ that gives them trouble) and that ‘computers’ is a term one scarcely ever hears these days (save in a negative context), I suppose there might be a case for change. Certainly, SCL is utterly transformed from the Society that was formed all those years ago and its purpose and focus has shifted massively. That might be best reflected in a new name. I certainly encourage readers to give the matter some thought and to pass on their suggestions to Roger.