The next session, called “Naked Citizens! The Data Protection Regulation and why you should care about it”.
The speakers were Anna Fielder from Privacy International, David Smith, the Deputy Information Commissioner and Kasey Chappele, a Lawyer from Vodafone. Fortunately for Kasey, no-one asked about about Vodafone’s Tax Affairs. She went through some of Vodafone’s route to where they are today, and they are quite proud of where they’ve got to. Critically, she argued that while Privacy is seen as a compliance issue, it won’t improve, it’s only when companies start to compete on Privacy that managers will treat Privacy as more than a burden. Other highlights include the pithy,
“How come we have so much process, yet so little privacy?”
She also suggested that there are at least two reasons, one is that the law and mechanisms for collecting consents is very poor; partly caused by the complexity of the law but also some businesses have business models that deliberately minimise the rights of privacy that their product possesses. This is illustrated by the huge lobbying effort going on in Brussels to weaken the EU’s Data Protection laws as they are revised. (It’s clear that it’s not only business that have this view, a number of Government Agencies around the world have little regard for either their citizen’s or the rest of the world’s citizenry’s privacy rights.)
Kasey was followed by Anne Fielder, of Privacy International. The first thing was a spat-fest on how to pronounce Privacy; it seems its transatlantic thing. The highlights of Anne’s speech were
The EU’s Parliamentary Scrutiny of the coming EU Data Protection Directive has been bogged down by the tabling of 3000 amendments, currently being scrutinised by the European Parliament’s LIBE Committee.
The US delegation to the Transatlantic Trade and Investment Partnership (TIPP), a process championed by Cameron is trying to exclude the Data Protection regulations and the European DP scheme, despite including data flows. The US seem keen to include the de-regulation of data flows, but also to avoid needing to conform to the EU’s privacy laws. I think we can see why now. The US has negotiated a safe harbour relationship with the EU, whereby the US is deemed to be an appropriate country to send personal data to. A member of the audience asked if the #PRISM story means that the EU should consider revoking the safe harbour agreement; the panel seemed to think that the US was failing to meet its commitments before the story about the extent of warrant less surveillance broke. The US law was clear; European data subjects were subject to warrant-less enquiry if the data was held on US owned computers, no matter where in the world the computers were located. This was a position reinforced by the Patriot Act but in fact preceded it.