Britain Defends Its Right to Red, White and Blue Tape | Susan Hall · IP/ICT Lawyer

Britain Defends Its Right to Red, White and Blue Tape

Monday, 8th April 2013

I have exchanged letters with [the UK justice secretary] Chris Grayling on this, which is rather like Kafka. Britain is meant to oppose red tape; here Britain wants a supplementary layer of red tape. It’s crazy. The UK wants 27 rules – one for each country.”
—Viviane Reding, EU Justice Commissioner & Vice-President of the European Commission.

Chris Grayling - the UK’s first non-lawyer Lord Chancellor since 1672 - is on a collision course with the European Commission over its proposed new Regulation and Directive on data protection¹, which contain important proposals intended to update data protection law for the internet age, and to harmonise it across Europe.

These include the so-called “right to be forgotten” - a far-sighted move to require companies like Facebook to take down material individuals have posted on-line and now wish to remove. Critics claim the “right to be forgotten” is an unrealistic aspiration, but it is difficult to quarrel with the sentiments behind it. Those escaping domestic violence or who have been the targets of stalking or harassment are likely to find it invaluable. Similarly, it can be used as a weapon against “revenge porn” or “creepshot” sites, which publish sexually explicit or embarrassing material without the subjects’ consent, often in the aftermath of a messy break-up.

Paris Brown, the Youth PCC for Kent, has unwittingly provided a recent object lesson in the need for the right. The seventeen year old was appointed youth police commissioner for Kent, and then found Facebook comments and tweets from up to three years earlier coming back to bite her. Few of us would - if honest - choose to stand behind every word they said when showing off at the age of fourteen. It seems unrealistic to ask our children to live their on-line lives as if they should. Accordingly, the right recognises children are often more careless about on-line privacy than they should be, and that youthful mistakes shouldn’t be allowed to dog them into adult life:

“The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child…”

—From Article 17 of the Draft EU Regulations

Grayling’s hostility to the proposed regulation may also be as a result of US pressure. It would for the first time bring the likes of Yahoo, Google, Twitter and Facebook within the ambit of EU data protection legislation.

Such social media organisations have adopted business models in which their users are not their customers but their key saleable commodity. Revenues come from monetizing users’ data - including about gender, age, location, interests and purchasing decisions - to sell targeted advertising. Commercial pressures in a cut-throat environment creates a lack of transparency about how such data is obtained, used, stored and transmitted.

Confidence is not helped by the often cavalier attitude to personal privacy expressed by senior personnel. Eric Schmidt, CEO of Google, claimed, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Paul Bernal, an academic specialising in internet law at UEA, tweeted recently, “The trouble with writing a book about Internet privacy is that every time Mark Zuckerberg opens his mouth you need to write a new chapter.”

During 2012, the name of the woman raped by Ched Evans was being widely circulated on Twitter. Despite the prohibition on “illegal acts” in their terms of use, Twitter took the line they would only entertain complaints from the victim in person. Their inaction meant that the illegal retweeting of the victim’s name continued for days. She has now been forced to adopt a new identity and a number of the main offenders have been successfully prosecuted. Furthermore, in a recent lawsuit brought by the Union of French Jewish Students, Twitter sought to use the First Amendment to resist disclosure of the identities of users who had tweeted anti-Semitic hate speech under the hashtag #unbonjuif notwithstanding the case was brought in a Paris court in respect of Francophone tweets.²

All the above have cast doubt of the effectiveness of social media organisations to regulate themselves, and fuelled the demand for new, stronger internet privacy legislation. Ireland, which currently holds the EU Presidency, has pledged itself to push through the new law, and Ms Reding has made data security a personal crusade from the outset of her appointment as Commissioner.

Grayling, therefore, seems to be setting the UK up for a rapid and humiliating defeat. Not only is his position at odds with the Coalition’s views on reducing the regulatory burden on business, the data proposals are subject to the qualified majority voting procedure, as other commentators have pointed out³. The UK has no veto here, and, by opposing the legislation in principle, Grayling loses any chance of affecting its detailed drafting. This is important, since while a Directive has to be enacted by individual Member States into local law, a Regulation is directly applicable as drafted.

Certainly elements of the current draft require extensive clarification and amendment. Data protection always provokes a battle of competing ideologies against an ever-changing technological landscape. Furthermore, perfect privacy cannot possibly be achieved; what should be aimed for is serviceable privacy at a reasonable cost.

This is an area where Grayling needs to stop pointless sabre-rattling and start hammering out a new consensus on data protection and privacy. A new EU regime on data protection is coming: Grayling’s choice is to participate in shaping it or simply have it superimposed on us all without the UK’s input being heard.

Tagged

• Security
• Data Protection
• European Law
• Law