... but I'm not sure who's agreeing with whom. I blogged a few days ago about European Information Commissioner Peter Hustinx' 'Opinion' on Member States' implementation (or not) of the European Data Protection Directive. In essence, he suggested that the Directive didn't need changing, member states just needed to get on and do a better job of complying with it. Today, the most recent newsletter from Privacy Laws and Business sketches out a fascinating sequence of blasts and counterblasts:
- the UK Information Commissioner, Richard Thomas, has apparently used the most recent meeting of the Data Protection Forum to say that, actually, the Directive is indeed in need of being overhauled, as it is "highly confusing and overly prescriptive", and that to suggest otherwise, as the Commission did, is "deplorably complacent";
- Mr Hustinx apparently then took the opportunity to agree (!), saying that the Directive ought indeed to be reviewed in the 3-5-year timescale;
- meanwhile, the Commission itself has complained that an examination of the UK's implementation of the DPD reveals: "failings in the implementation of the following: the definitions (in particular that of personal data); the scope of the Directive’s application to manual files; the conditions for processing sensitive data; fair processing notices; data subject rights; the application of exemptions from these rights; remedies for individuals; the liability of organisations for breaches of data protection law; the transfer of personal data outside of the European Union; and the powers of the Information Commissioner. The corresponding articles are 2, 3, 8, 10, 11, 12, 13, 22, 23, 25 and 28."
Apart from that, one assumes, they've got it spot on. It's a bit like the entry on Sex in the Hitchhiker's Guide to the Galaxy:
"SEX: None.
Well, in fact there is an awful lot of this, largely because of the total lack of money, trade, banks, art or anything else that might keep all the nonexistent people of the Universe occupied. However, it is not worth embarking on a long discussion of it now because it really is terribly complicated.
For further information see Guide Chapters seven, nine, ten, eleven, fourteen, sixteen, seventeen, nineteen, twenty-one to eighty-four inclusive, and - in fact - most of the rest of the Guide."
With everyone successfully dazed by this balletic skirmishing, the news that the House of Lords is recommending a consultation exercise to plan UK legislation in the knotty area of Breach Notification is likely to hit the reader like a deftly executed estocada. The good news is that there is a substantial body of prior experience in this area. I hope the consultation exercise manages to capitalise on it.


