UK Information Commissioner Christopher Graham makes no apologies for being a “data protection bureaucrat.” He would argue that’s exactly what the world needs more of as it faces the privacy issues of the future.
Without strong regulators, he argued at the IAPP Europe Data Protection Intensive, it will be impossible to retain consumer confidence in an economy that will increasingly be based on open data, Big Data and the digital delivery of public and commercial services.
In fact, he argued, “The ICO office provides a model for DPAs that are well-placed to be effective guardians for citizens and consumers but also partners for service providers and public authorities. But to be that, DPAs need to be given the tools to do the job expected of them.”
Yes, that means money. And, yes, that means audit powers. And, yes, that means an overarching regulation that isn’t overly proscriptive and allows a data protection authority to be creative in enforcement.
“Regulatory authorities are going to need to be independent,” Graham said, “adequately resourced and with appropriate powers to be able to tell truth to power, whether that’s government or corporations. There’s no point in passing laws if you don’t equip the policeman to do the job. Without adequate protection authorities in place across the EU, then the regulation you put in place is merely an aspiration that may or may not be adopted. It’s just a wishlist for lots of good practice. I think the wishlist is generally too long. If you don’t have adequate arrangements for enforcing it, it’s futile. Actually, it’s worse than that.”
A regulation that’s not enforced harms privacy more than it helps, he argued, because it undermines the very consumer confidence it’s meant to inspire.
“Less is more,” Graham argued. “If you have an overarching, principle-based approach, it’s much better able to be flexible and deal with new challenges.”
Finally, the brave new world of privacy that Graham envisions is one in which global DPAs work tightly together. “Whether it’s Europe or North America … I want to suggest to you that a major challenge for the data protection business is to cope with the fact that citizens are increasingly aware of and concerned about their privacy, and an important contribution (from the global DPA community) is going to be dealing with the crisis of confidence that citizens and consumers have in the way things are going in business and government,” he said.
“I believe that effective regulation is key to restoring that confidence … Unless we respect the rights of citizens and consumers,” Graham said, “we don’t restore the confidence and we can’t make the opportunities provided by new technology effective.”
If you want to comment on this post, you need to login.