Robin Wilton's esoterica

Peter Hustinx, the European Data Protection Supervisor (EDPS), has published an 'Opinion' regarding the current EU Data Protection Directive. In Eurospeak, an 'Opinion' is not legally binding (as a Directive or Regulation would be), but is nonetheless a politically influential statement. I won't try and explain further. Oleg Gordievsky (I think in his book "KGB - The Inside Story") noted that the structure and processes of the European Commission were so confusing that they essentially were enough to prevent systematic intelligence-gathering by the cold-war Russian secret services.

The full text of Hustinx' report can be found here.

The bottom line, as it were, is that Mr Hustinx agrees with the European Commission that the existing Data Protection Directive does not need to be amended: rather, Member States ought to focus on achieving better implementation of it.

Here, though, is a summary of his recommendations, from the excellent Hunton and Williams Privacy and e-Commerce alert service:

Mr Hustinx stresses the importance of:

(1) full implementation of the Directive;

(2) considering the impact of technological developments on the Directive;

(3) having a global perspective and further developing rules on international data transfers;

(4) ensuring that personal data are protected despite law enforcement demands;

(5) adopting more sectoral data protection legislation (for example, regarding RFID);

(6) greater use of infringement procedures against the Member States;

(7) encouraging the use of interpretative communications by the Commission to clarify important questions;

(8) enhancing the use of non-binding instruments to increase compliance, such as privacy seals; and

(9) better defining the role of institutional actors, in particular the Article 29 Working Party.

I think it's both revealing and encouraging that, having identified the basic principle ("implement, rather than change the law"), his next three bullet items call for a greater focus on technological change, cross-border data transfer, and the balance between privacy rights and law enforcement access. I think he's right.

In other news, Google's CPO, Peter Fleischer, has called for governments and businesses to agree a common set of world-wide privacy principles. In his view, "The minority of the world's countries that have privacy regimes follow divergent models. Citizens lose out because they are unsure about what rights they have[,] given the patchwork of competing regimes".

I think he's being optimistic. A knowledge of one's privacy rights, in any given cross-border e-commerce or web application, would not make it materially easier to protect one's data, safeguard one's privacy, assess the risk involved, identify breaches and/or inappropriate use, or persuade lew enforcers to act on the case. Still, it's good to see Google thinking about the problem. 

The House of Commons Defence Committee (that's the Committee which looks at Defence-related issues, not the Committee for defending the House of Commons...) has published a report which is deeply critical of the ("appalling") standard of much of the barracks accommodation used by UK armed forces. Interestingly, it says that Defence Estates (the agency  responsible for managing the armed forces' real estate) has done good work but needs to do better, and that more investment is needed.

In its conclusions and recommendations, it notes that Defence Estates reported "staggering" over-achievement against some of the targets set for it by the Ministry of Defence. In fact, the report sets a somewhat skeptical tone concerning whether these targets are reliably indicative of good performance, or whether they were simply artfully chosen.

The report seemed to me to be particularly critical of the budgetary aspects of the whole scheme, especially the poor management of contracts with third parties, and the lack of any link between cash raised from sale of assets, and investing in improvements to housing stock. It also seems to me that it is not entirely fair to place the blame for this at the door of Defence Estates... given that they are the implementers of MoD and defence spending policy, rather than the makers of it.

If ever there was an argument for some degree of hypothecation in public sector funding, surely this is it. Hypothecation is the 'ear-marking' of funds raised for a specific purpose related to the way in which the funds were raised. For instance, hypothecated petrol duty might be spent on research into sustainable energy, and/or re-invested in the transport infrastructure. However, in the UK system, government revenue goes into a huge pot in the Treasury and is then re-allocated regardless of where it came from.

The MoD has sold off a lot of real estate assets in recent years - either to third party subcontractors who then continue to provide services to the Armed Forces (logistics, medical supplies and parachute packing are examples), or simply for re-use or redevelopment. It seems utterly bizarre that the profits from such sales should not be re-invested in improving the remaining real estate assets - particularly when these are known to require urgent, sustained and comprehensive attention.

Maybe it's just a cunning way of ensuring that returning squaddies yearn for the comforts of a rocky sangar in Helmand.