Talking about privacy

Cool. The European Privacy Counsel at Google, Peter Fleischer, has a blog. And it is a good one. I found the post on three ideas to update data protection especially interesting, as yours truly’s slowest PhD ever is looking at the failings of Data Protection Law, SOX and software.

Peter notes:

However, several principles of EU privacy law are out of date and need to be adapted to the global information economy. Foremost among these are the restrictions on transfer of personal data outside the EU. In past years, such transfer meant packing a computer tape or paper files into a box and shipping them to a far away location. However, nowadays almost any activity on the internet involves a transfer of data outside of the EU, so that strict application of these laws would cause the Internet to shut down.

This post was lurking in my livewriter unfinished, but the coverage by Dennis and James of the FSA fine of Nationwide made me think about finishing it.

Dennis notes:

The FSA is clearly taking coaching lessons from the SEC, dishing out harsh fines for accidents and mistakes. The latest miscreant, Nationwide Building Society, got slapped with a £980,000 penalty after a laptop which contained sensitive customer data was stolen. The fine would have been £1.4 million but they were given a 30% early settlement discount.

Dennis picks up on the audit failure angle in the case, and James and I both have an interest in Data Protection law and its lack of teeth.

James notes:

I recently wrote that from a shareholder value perspective it makes very little sense for companies trading primarily in the UK to invest significantly in more effective data protection controls because of a lack of penalties for not doing so. While it seems the Information Commissioner has done some useful lobbying work in this space lately, he has just been made to look rather ineffectual by the Financial Services Authority.

The size of the fine is impressive, masses bigger than anything the DP authorities have ever levied. 

Returning to DP law, the lost laptop clearly falls foul of the 7th Principle of the Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

I’m not aware of any DP prosecutions for lost laptops. (If you know of any, please drop me a note.) BTW, if you follow UK technology law, then Nakedlaw is a must read.

I’m all for a stricter implementation of privacy law. Why have a law if you can’t or won’t enforce it? If it had been a company outside of the financial services sector, and therefore FSA regulation, then who would have fined them? I suspect that the FSA’s budget dwarfs that of the Information Commissioner.

Another James commented on James’ post, and linked to Ben Adida’s presentation. It is well worth a watch; it is a short, sharp introduction to why privacy matters. Ben’s site is here, and his blog here. He is now in my feed.

The other day James wrote about the Sun Privacy Team, another worthwhile read. Gosh, so much to read….

My prediction. Warning: I’m not great at predictions.

In about 10 years’ time, Privacy will be the new Green.

If you are interested in my thoughts on privacy and software, I recently had a paper published in the Computer Law and Security Report.  







2 thoughts on “Talking about privacy”

  1. privacy is already the new green. and as for the idea the laws are outdated because of the internet. that’s balls. there is no reason personal data collected for a particular purpose should leak into another context. it’s a question of good information architecture. i am always very wary of the now it’s pipes not tapes so laws no longer apply argument.

  2. James,
    Privacy law is a response to the threats that technology poses, so it needs to take technology into account.
    The current DP law is poorly drafted. The concept of “data transfer” made little sense even in the 1980s, never mind today.

    10-15 years ago Green was fringe. Today VCs are climbing all over it. I expect the same will happen with privacy, but it isn’t happening yet. I’d love you to prove me wrong.
