Euro data protection: Great for punters, not for biz - MoJ wonk

Whitehall man seeks views on 'disproportionate' draft law


Comment A colleague of mine went to a lecture on the European Commission's proposed Data Protection Regulation last week*. One of the speakers was John Bowman, Head of International Data Protection and Policy at the UK's Ministry of Justice. His opening question to the floor was: "How many of you here represent consumer groups?"

Not surprisingly, a couple of attendees raised their hands. "Exactly," he said, warming to his theme, and went on to explain how the MoJ wanted to hear from business as to how the proposed Regulation would affect them and, in particular, the costs they would have to incur to meet the requirements.

He said that the government’s view was that the Regulation was all about protecting the citizen and that the Regulation was biased; he added that there needed to be more of a balance towards the interests of companies (ie, data controllers).

Bowman went on to say that the UK is in an economic downturn and we need to make sure business interests are protected at such a time. He said the Regulation “gold-plated citizens' rights”, was “disproportionate” and that we needed to “plough on with the British economy”.

He added that the US and the UK were leading the world on a digital agenda and that there was a strong economic argument that these interests should be protected (by minimising the impact of the Regulation the internet). He finished by asking all businesses to respond to the MoJ’s “call for evidence” (closing in early March).

The MoJ link to the "call for evidence"** echoes this data controller emphasis. It states that: “In particular, we would like information on the potential impact on organisations processing personal data, as well as the likely benefits to individuals through strengthened rights. Wherever possible, we would like this information to include practical, day-to-day examples of the proposals’ possible effects and monetised cost and benefit figures. We would also like views on the extent to which these proposals build trust in the online environment, whether they can contribute to economic growth”.

This approach is not surprising. All UK governments (from John Major’s government in 1990) have always had a minimal approach to data protection from the data subject’s perspective. That is why the European Commission claims that the Data Protection Act 1998 does not properly implement Directive 95/46/EC. (Readers may be aware that 18 of the 34 articles in the Directive have not been properly implemented.***)

My own view is that the MoJ "call for evidence" is fatuous. Has the MoJ issued a document that explains the Regulation in detail? (Answer: No.) So how can businesses make informed comments as to costings if they don't know how in detail the Regulation will apply? Is the MoJ expecting businesses to make their own interpretation of the Regulation by some strange osmotic process? In short, I think all the MoJ will collect is a spate of inaccurate costings and comments based on incorrect or incomplete interpretation of the Regulation.

And what will data subjects do? Well it’s obvious – if they have any sense at all they will write to the MoJ in their hundreds in support of the extended protection afforded by a Regulation (hopefully adding that they support the Regulation because the UK Government cannot be trusted following its failure to implement the Directive 95/46/EC properly***).

In short, the MoJ has set up a numbers game where the ministry wants to say that the vast majority of respondents are opposed to costly changes to the Data Protection Act. however, an embarrassing number of data subjects writing in support of the changes proposed in the Regulation would make that claim “sort of difficult”. ®

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Bootnotes

* The lecture was organised by Field Fisher Waterhouse – the city law firm that employs data protection stalwart Stewart Room and which hosts meetings of the National Association of Data Protection Officers – a information law grouping which has expanded its interest to cover FOI and RIPA issues as well)

** The MoJ's call for evidence closes on 6 March (a short time span) and can be accessed here.

*** A list of deficiencies in UK’s Data Protection Act identified by the European Commission.

Broader topics

Narrower topics


Other stories you might like

  • Tim Hortons collected location data constantly, without consent, report finds
    Hortons hears a sue

    From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

    In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

    That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

    Continue reading
  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading
  • Behind Big Tech's big privacy heist: Deliberate obfuscation
    You opted out, but you didn't uncheck the box on page 24, so your data's ours...

    Opinion "We value your privacy," say the pop-ups. Better believe it. That privacy, or rather taking it away, is worth half a trillion dollars a year to big tech and the rest of the digital advertising industry. That's around a third of a percent of global GDP, give or take wars and plagues. 

    You might expect such riches to be jealously guarded. Look at what those who "value your privacy" are doing to stop laws protecting it, what happens when a good law  gets through, and what they try to do to close it down afterwards. 

    The best result for big tech is if laws are absent or useless. The latest survey of big tech lobbying in the US reveals a flotilla of nearly 500 salespeople/lawyers touring the US state legislatures, trying to either draw up tech friendly legislation to insert into privacy bills, water then down through persuasion, or just keep them off the books.

    Continue reading

Biting the hand that feeds IT © 1998–2022