Looking for things to do on those long, hot(ish) summer nights (or at least the few we have left)?
Why not take the time to read the Ministry of Justice’s recent call for evidence on the Data Protection Act.
Sounds too dull? Maybe – but for those of us who work with the DPA, it looks as if this is the long awaited opportunity to get some of that frustration off our collective chests by looking to contribute ideas as to how the legislation can be improved.
The MoJ have highlighted what they see as being the key themes and these are:
- The definitions used in the DPA
- Data subject rights
- Data controller obligations
- Powers and penalties of the Information Commissioner
- The principles based approach
- Exemptions under the DPA
- International transfers
All pretty fundamental stuff.
One major inhibitor to any outcome will be the fact that the UK government can’t just do what it wants. The DPA implements a European Directive and it will be the shape of that Directive that ultimately drives the DPA. This exercise is being conducted as a precursor to a wider EU debate on the Directive and the UK’s views will simply be thrown into the melting pot along with the views of other member countries.
That said, there does seem to be a recognition that the Directive does need overhauled. The world has moved on massively since the current Directive was put on the statute book in the mid 1990’s and, as with all laws that regulate activity that is supported by technology, there is the constant challenge of making sure that the law keeps up with the pace of change and is relevant (and workable). For instance, how does data protection handle concepts like cloud computing where data is being hosted in a virtual environment where the physical location of the data (and, in many cases, who it is being hosted by) is very difficult to ascertain.
Coming back to the UK level, and leaving aside the bigger picture issues, from a personal perspective, I really do hope that the legislators take the opportunity to rework the DPA into piece of legislation that is easier to understand for everyone – not just specialist DPA practitioners. In my view –and for what it is worth – the legislation is overly technical in its drafting – being too focussed on the detail rather than the desired outcomes – and this means it is inaccessible to far too many. This leaves the DPA prone to misunderstanding, meaning that it is often misapplied in practice and that leads, in turn, to controversy which brings the legislation as a whole into disrepute with some even calling for wholesale repeal on the grounds that it is just unnecessary red tape. I don’t subscribe to that view. I think the DPA is a hugely important piece of legislation and the concepts that is seeks to underpin in terms of how our information is dealt with – fairness, transparency, respect to legitimate privacy interests, taking data security seriously etc – are even more relevant today than they were back in the 1990’s. In short, the legislation is worth saving; it just needs improving.
Which brings me back full circle. If you want to see change then don’t just grumble, take the time to read the Call for Evidence and send your views to the MoJ. The closing date for responses is 6 October 2010.
On August 19, 2010