ICO Starts Blogging With A Look At Online Privacy

The Information Commissioner’s Office (ICO) has got the blog bug. The organisation’s website has just added its first entry which comments on European privacy law reform.

Deputy Commissioner David Smith opened his blog and set the scene, “Welcome to our blog. Writing this is a new experience for me and is the start of a new venture for the ICO. From time to time we will be blogging on current information rights issues.”

Making the privacy debate public

Diving straight in, Smith starts bashing the European Commission for its bureaucratic latency. The EC should have published guidance on the forthcoming revisions to the 1995 Data Protection Directive last summer, but did not. After another broken promise of a drafted Christmas present, it has made a promise that the New Year will bring a resolution.

Smith (pictured) is just as much in the dark about the content of the new guidance document and pointed out that speculation even covers whether the update will be a new set of directives or direct regulation. Directives tend to be give-or-take, he pointed out – as long as the end result matches the directive, how it is brought about does not matter. A regulation is a set of rules which must be applied in the same way by every EU country.

Smith is tipping regulation as the way to ensure uniform application of any new privacy protection controls.

“Speculation has also been rife as to whether there will be one new legal instrument or two,” he wrote,“one to replace the current directive and one to cover the former third-pillar areas of crime and justice. Two instruments would fit with the UK government’s right to opt out of new EU measures covering the former third pillar, but might make it harder to achieve our objective of a single, overarching framework applying to all the processing of personal data carried out in the EU.

The reason for Smith’s blogging subject is the release of the ICO’s own “briefing for stakeholders” which covers the issues to be considered by the EC. Not least, though not directly mentioned, is the Patriot Act which cuts across Safe Harbor promises of applying EU rules to EU data stored by US companies.

Like many others in UK and European government, Smith does not directly refer to the Act. In fact, he appears to see the US as a positive influence.

“One thing that does stand out is how influential large multi-national, mainly US based, businesses appear to have been on the Commission’s thinking, particularly in relation to harmonisation,” he wrote. “At a recent conference Paul Nemitz, a senior Commission official, went out of his way to say how the Commission would welcome a higher level of engagement from those representing European business and citizens’ interests”.

In January, the European stance should be clearer and later in the year will see a draft of the directive or regulations.