Wednesday, 21 January 2015
Data Protection and Access to Information: An IALS Lecture
This lecture acknowledged the awkwardness of the various conventions, directives, acts etc., which go to make up the legislative framework of data protection/access to information. There were some interesting insights simply because (shock horror) I'm not aware of the history of data protection, and I had never thought about why 'freedom of information' was actually a complete misnomer. It should be 'a right to access administrative documents' legislation.
It also explained why continental European attitudes to data protection are quite different from those in the US. It turns out that from the earliest times, the Bevolkingsregister in Amsterdam required citizens' religion so that church tax could be allocated. However when ID cards were issued during WW2, German officials could easily identify the Jewish population and...it didn't end well. There was a large 'data breach' by the resistance on 27 March 1943 where three incredibly brave people blew it up. It was finally destroyed on 11 April 1944 by RAF 613 Squadron. So preservation of privacy has always been important in Europe in light of historic events.
As an academic lawyer terminology is very important to him. He warned us about the unfortunate and confusing term 'data protection' which could be confused with 'data security'. Given that this is such a growing area, this is a particular worry. Data protection is not data security. In terms of the current state of EU legislation, the Private Sector Draft General Data Protection Regulation legislation is currently with the Council of Ministers, as of 19 December 2014 - it has taken a while to get to this point. The public sector has a separate directive.
Globally it is still seen as an issue and the UN's report on 'The Right to Privacy in the Digital Age' raised many issues about surveillance, the UN High Commissioner on Human Rights calls attention to "the disturbing lack of governmental transparency associated with surveillance policies, laws and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability”. They recommended more study; personally, I think we need more action.
The history of access to information was also discussed. Sweden was the first European state to draft and enact a 'freedom of the press' statute in 1766. This is an astonishing piece of enlightenment thinking in action, and yet it didn't last long as it was overturned in 1772 by Gustav III. After touching on the US, France, he mentioned Article 19's global index. This rates countries on their efforts - the central idea behind the RTI Rating is to provide RTI advocates, reformers, legislators and others with a reliable tool for assessing the overall strength of the legal framework in their country for RTI.
This gives a flavour of the talk's scope but the questions after were most useful. One person highlighted a recent transparency report where the UK was still top of the pile - thanks to the FoIA, I would imagine. Any piece of legislation which 'utterly undermines sensible government' is clearly a good thing. Another question was about the General Election and what would happen if the Freedom of Information legislation was repealed - how would they do it etc. The answer being 'probably by SI and quite stealthily'. Overall I think the lecturer was surprised at how effective the UK FoIA had been.
A lawyer asked, given how complicated the legislation is, how we could make it easier for the public to understand. A tricky question, which James Michael answered by making reference to school students. They don't value their privacy until they find out that universities look at social media and turn them down on the strength of their profiles. Until you find out that you've been hurt, you don't really think about it - or even know if you have been affected.
The right to be forgotten is always going to be a problem because once the information is out there, there are limits to what you can do. Encryption, deletion will do more to protect privacy than any legislation. He quoted from a leader in the Times after the 'right to be forgotten' case which said that a good commercial rep man firm will do more to save reputation, rather than Google.
He concluded on a question regarding legislation, that legislators will only ever aim for the low hanging fruit. They will deal with easy targets and avoid the tricky or controversial issues. Where trade and commerce and national interests collide, they will do their best to circumvent them. Then it just becomes a box ticking exercise.
All in all, an excellent lecture with some really interesting nuggets of information.