An interesting morning yesterday at the launch of the Ministry of Justice’s Response to the Call for Evidence on the Current Data Protection Legislative Framework.
JANET’s evidence focussed on the difficulties of applying data protection law to the Internet: the current law has proved unclear on the status of IP addresses and similar pseudonymous identifiers, and contains a stark geographic distinction between Europe and America that the Internet (and individuals’ use of it) simply does not recognise.
It was therefore a little worrying that only “a small number of respondents” had mentioned these issues. Fortunately one of the others who did was the Information Commissioner, whose representative identified technology, pervasive computing and globalisation as key changes in society that require an updating of data protection law. He called for new legislation to be clear for both organisations and individuals, to provide a high level of protection without complexity, and therefore to be based on actual risks to individual, rather than the current system that often prefers absolute rules.
Both he and the speaker from the European Parliament identified difficulties that were likely to affect progress at European level: a tension between the desire to provide the strongest possible protection for users and not making it impossibly complex to provide services that those users want to use (the Directive is actually supposed to promote a free market in innovative services but is often, and sometimes accurately, portrayed as preventing that); a tension between a desire for complete uniformity of law (as proposed by the European Data Protection Supervisor) versus a harmonised approach that still permits differences of national culture; and the temptation to rely entirely on users making appropriate choices (“consent”) even under pressure from services that want to collect more information than is necessary. The Lisbon Treaty creates a challenging starting point for these discussions by requiring a single privacy framework to cover both economic and security issues. Previously these were handled by different European bodies that, on occasion, have reached very different conclusions on balance of rights and proportionality.
All the speakers seemed to recognise the importance of getting new legislation right and to be open to assistance in doing so, so there is plenty of work still to do.