Is our new government, committed as it is to rolling back the state and curbing electronic intrusion and collection of needless data about us, set for an early confrontation with Brussels on the subject of data privacy?
That seems very possible given reports the Commission has told the Ministry of Justice it needs to give more powers to the Information Commissioner’s Office (ICO), the UK privacy watchdog.
Apparently Brussels says the current data privacy legislation isn’t tough enough and that the ICO should have more powers – powers some (and not just those in Number 10) might think a tad strong for the British taste.
How about taking away court powers to refuse the right for people to have information about themselves corrected or deleted? Or powers to check other countries’ data protection practises before international transfers of data can take place? Random checks on people or data processing organisations, or penalties after such checks, as EU law says it should?
As far as the Commission is concerned, the UK is failing to meet EU standards and we could eventually be hauled up in front of the European Court of Justice, which is what happens to all naughty EU countries who don’t follow all the rules, apparently. In the words of the relevant Commissioner, we have a "guard dog tied up in the basement" by not making the ICO scary enough.
Hmm. Well, as we all know, the ICO was given new powers this April to increase fines of organisations it finds in breach of the DPA of potentially up to half a million squid. It regularly names and shames bodies that it feels have flouted basic information security hygiene on its web site; and at least in the abstract, we all agree that we could be doing more as an industry to protect customer and citizen privacy.
But where do we draw the line? Security vendors and consultants are always demanding transgressors of security regulations should be put in the public stocks, tarred and feathered, struck off being company directors – you know the story. We sort of listen and agree but feel it is all just posturing to give them a business case, which most reasonable business people feel to some extent they legitimately have.
But making the ICO radically stronger? Changing UK law to allow more Big Brother snooping activities? Really not sure about that.
Nor do I suspect that our new Prime Minister will either, or his team. Recall that six weeks in, ID cards are dead, the DNA database rules are to be tightened, CCTV is to be much more highly regulated and the children’s database CheckPoint is to be eventually scrapped: quotes like, "This government is going to transform our politics so the state has far less control over you, and you have far more control over the state… It is outrageous that decent, law-abiding people are regularly treated as if they have something to hide."
Two agendas are heading for an almighty collision here. In the middle is the ICT leader, at least potentially, trying to work out where to put his head in a potential information security war. Be careful out there – it may get nasty.
