Vice –President AFCDP, Association Française des Correspondants à la Protection des Données
The year 2013 has been intense in news about privacy. Which one would you highlight and why?
2013 will be reminded as the year when data privacy moved from a technical topic restricted to a community of geeks to the hotest discussion of everyone’s concern after the Snowden revelations and their snowball effect bringing to light the surveillance practices of our governments for national security reasons.
In the life of AFCDP, the French Association of Data Protection Officials, the highlight of the year certainly was the proposal for an EU Regulation and our joint collaboration with CEDPO members to support the position of the DPO in this framework. It triggered intensive brainstorming and roller coaster feelings to follow the whereabouts of the adoption process and to be active contributors.
Cloud, Big Data, Internet of things, automated cars… From the privacy perspective, which point of view should we adopt in view of the changes in technology?
“Relentless curiosity will keep us attuned to technological and business model evolutions for us, data protection practitioners, to exercise the adequate vigilance to preserve fundamental rights. It is also crucial to join our efforts and to share ideas with others from different backgrounds : legal, security, government, developers, marketers, regulators and from other countries to identify where to place the right balance fro reasonable and practicable implementation of privacy rules.”
If in 2014 the European Union does NOT see a new Regulation on Data Protection, what do we win, and what do we lose as EU citizens? And as privacy professionals?
As privacy professionals the feeling would be that we missed the momentum to show the world and businesses that we could harmonize our rules and therefore make them happen. It is indeed difficult to convince a data controller in an economy in crisis to be privacy compliant ; it is even more if there is no agreement on the rules. As for EU citizens, they are likely to remain a little longer in the internet mist where they are already immerged. We are however supporting a reform of our European data protection framework and we are hopeful that EU institutions will bring it to closure in 2014.
Which role should be played by the privacy professionals in the society?
Obviously, the data protection officer (DPO) has a different role to play than the data controller or the data protection authority. To borrow the expression of the last international conference of data protection commissioners, the DPO should be seen as a compass for data protection compliance : showing the direction and measuring the steps taken.