Data Privacy Day: if not now, then when

From the press release: “The new Body of European Regulators of Electronic Communications (BEREC), which will replace the European Regulators Group (ERG), has its first meeting scheduled for 28 January 2010 in Brussels”.

This article will be conveniently short- as I think that privacy statutes and regulation should be.

If you are curious but either too young or too old- the second half of the title comes from an album that was often on the air in late 1980s, from Tracy Chapman.

Why the quote? Because it was an album with songs about rights intermixed with the usual romantic fare- written by somebody with an anthropology degree.

And why regulations should be short? Because privacy is a moving target- and also experts can get dumbfounded- can you imagine citizens?

A practical example.

In the first half of the last decade I was helping to set up a service on privacy for SMEs, and then happened to manage few projects were data privacy was a significant issue.

I was invited to a training session, to receive the same information that would have been received by my customers.

But just few days before the training was to be held, the privacy regulations were updated- and as I usually do whenever involved in something that is inherently dynamic, I reviewed the day before the training the latest version.

If you want- I reviewed by exception (as currently almost every country is hopefully used to update laws by listing changes between versions- a nice spill-over effect from ISO9000 and its siblings).

On the training day, I skimmed through the material before the session started, and then shared the info with the expert, who admitted not to be aware of the updates.

But many others experts that I met were supposed to be experts on data privacy, after a mere few days of training.

And almost none constantly monitored the evolution of their own field of expertise- or had something more than a rota-learning knowledge.

If you want: if data privacy is a right, are tens of pages of legalese the most appropriate way to ensure that everybody exercises his or her right?

And should those pages really be different in each member of the EU?

A travelling citizen has no clue about her or his rights- probably, (s)he assumes that the rights applied in the country of origin apply whenever (s)he is travelling across EU.

The first meeting of the new BEREC could be a chance to try to extend the ECB model to other issues.

By moving closer to the citizens.

At least by adopting a mutual “what is going on in other EU countries” on each national website.

To make at least national legislators and citizens’ organizations aware and coordinate their efforts to really harmonize data privacy rights EU-wide.

Incidentally- this approach is an organizational strategy that is not unknown in the private sector, when the organizational coordination between independent entities becomes too cumbersome (i.e. expensive).

And it could be a way to allow the humble, individual citizen the same level of protection, EU-wide, that currently is available only to organizations able to afford a legal representation in each jurisdiction within EU.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s