Sunday, 5 June 2011

Out of the mouths of Europeans?

We in Britain can often be highly suspicious of things that come out of Europe – and particularly so when it comes to laws. There’s a level of distrust, a degree of distain and sometimes a sense that these ‘continentals’ really don’t know what they’re talking about, and that somehow we need to save them from themselves.

Two prime examples of this are current in the world of privacy law. Two pieces of legislation, one current, one proposed, have been given the disdainful British attitude over recent months.

The first is the so called 'Cookie Directive' which came into force on May 26th, essentially suggesting that installing or amending any cookie on any user’s computer would require prior, explicit and informed consent. A strong requirement, and one that was launched amid confusion and complaints – needing to be clarified not just by the issuance of advice by the ICO but subsequently 'clarified' by the DCMS in a way that many people thought just added more confusion. The attitude from ministers that suggested they really thought it was essentially stupid and that complying with it was pretty much irrelevant. The Open Rights Group summed it up well, suggesting that Ed Vaizey thought it was all meaningless.

The second is the proposed ‘right to be forgotten’ - an idea currently being pushed by European Commissioner Viviane Redding for inclusion in the forthcoming revision to the Data Protection Directive. This time it was Ken Clarke's turn to be dismissive and disdainful, suggesting in a speech to the British Chamber of Commerce in Brussels that it was unworkable and, in essence, that the Europeans need to listen more to the British. As he put it:

'I am optimistic that there's a common sense solution on this. Our experience in the UK is that security, freedom and privacy are possible.'

Perhaps, however, it's us, the British, who need to listen more to the Europeans rather than vice versa. For sure, there are problems with both of these two issues. The cookies directive is highly problematic, probably over-the-top, somewhat confused, and clearly very hard to work out in practice - which is why only three of the 27 member states had actually implemented it within the prescribed timescale. The right to be forgotten is ill-defined, also confused, and capable of producing over-emotional reactions - which is why I've blogged in the past about renaming and refocusing it - and clearly needs more thought. Both, however, exist for good reasons - and the problems with them should not blind us to those reasons.

The cookies directive was brought in because people are, justifiably, concerned about being tracked, profiled and monitored without their permission, knowledge or understanding. The right to be forgotten is being considered because people are, equally justifiably, concerned about the amount of data being gathered and held about them, and the purposes to which all this data is being put. These are genuine concerns, connected with real rights of great importance - and so far the internet industry and most governments (and particularly the UK government) have paid scant attention to them, and done little to allay our fears or deal with the problems. The European Parliament and Commissioner Redding understand those fears - and want to do something about it. Their reactions may not exactly work, and may even cause more problems than they solve - but they have at least tried to address the issues. Rather than react with disdain and superiority, it would be far better if our ministers listened a little more - and understood that they need to do something....