A Turbulent Time for Gathering Privacy Commissioners
By Sam Pfeifle
As host of this year’s 35th Annual Conference of Data Protection and Privacy Commissioners, Wojciech Wiewiórski, Poland’s inspector general for personal data protection, finds himself with privacy in perhaps its brightest spotlight ever. Not only is the European Union in the midst of the much-talked-about overhaul of the data protection regulation, but virtually the entire globe continues to be riveted by the news of U.S. (and other) government surveillance triggered by whistleblower Edward Snowden.
Perhaps that’s why Wiewiórski and his team, who have organized the open portion of the conference to be held at the end of September in Warsaw, have chosen to subtitle the conference: “Privacy: A Compass in a Turbulent World.”
And the “world” part of that is important to Wiewiórski, who emphasized a number of times in an interview with The Privacy Advisor that just because the conference is returning to Europe for the first time in four years, it would not be overly focused on the deliberations regarding the regulation.
In fact, much of the regulation discussion will be wrapped up in a session “devoted to the reforms that are going on all over the world,” he said, which will feature not only European parliamentarian Jan Philip Albrecht, but also Sophie Kwasny from the Council of Europe and Ann Carblanc from the Organisation for Economic Co-operation and Development with Marie Shroff, privacy commissioner of New Zealand moderating. How will the European regulation affect the Asia-Pacific Economic Cooperation (APEC)? How will other countries alternately follow Europe’s lead—or not—in their own deliberations about data protection?
“I think [the new regulation] may be influential,” Wiewiórski said, “but it would be very selfish to say that the European development is leading the way and the globe will be following.” Yes, there are many countries that will be governed by the new regulation, but “I’m sure that not every development done in Europe will be followed by the other countries,” he said.
He took care to note that ideas like Privacy by Design have come from outside of Europe and Europe is trying to create legal norms around the idea, which is fundamentally different from the way Canada originally imagined it. “There is influence from both sides,” Wiewiórski said.
Further, he cautioned not to underestimate the influence of Binding Corporate Rules and how they’ll be incorporated into APEC. “In my country, APEC is right next door,” Wiewiórski said. “Russia starts just 50 kilometers from where I’m living.”
What of the NSA revelations and programs like PRISM? How does he think the U.S. will be treated at the conference?
All eyes will likely be on the “Public Access to Private Sector Data” session, which will feature David Medine, chair of the U.S. Privacy and Civil Liberties Oversight Board. He’ll be joined by Joel Reidenberg of Princeton and Fordham universities and Ian Readhead, of the Information Association of Chief Police Officers.
“I don’t expect the Americans to be on the defensive,” said Wiewiórski, “but the public authorities in general may be on the defensive with the parliamentarians and the NGOs on the other side.”
Also, he said, “it’s important to remember that several other sessions during the conference may be influenced by the problems of PRISM and the things coming out of PRISM. At the same time as the public access panel, we have also the parallel panel that will deal with ‘Data Protection and Global Trade Law,’ and the [Transatlantic Trade and Investment Partnership] treaty between the U.S. and Europe will be at the heart of the agenda. That’s definitely one thing that will be affected by PRISM.”
It isn’t just the U.S. that is facing these hard questions of what to gather and how to use it, Wiewiórski said. “For countries like Germany, even Poland, Australia, New Zealand, the question is what can the authorities do with the data that’s stored on the Internet?”
That’s ultimately what this conference is for, he said: Asking privacy specialists from around the world to discuss what privacy actually means in the 21st century. Whether it’s trying to come to a consensus on problems surrounding mobile applications, as will be the focus of the closed part of the conference sessions, or looking at ideas on Do Not Track and profiling.
Even just commiseration on the day-to-day job of being a privacy authority (DPA) will be a focus. It’s no coincidence that side meetings at the conference include a gathering of those who are members of the Global Privacy Enforcement Network and a meeting financed by the EU that looks at the practical work being done by DPAs.
That work isn’t getting easier. Considering all of the privacy developments we’re likely to see in coming years, maybe privacy commissioners and data protection officers coming to the conference need something more than a compass. Perhaps a shovel.
Read More By Sam Pfeifle:
PCLOB to U.S. Intelligence: Update Data-Gathering Guidelines Now
PRIVACY IN POPULAR CULTURE: Privacy Is “More Complicated Than We Realized”
PricewaterhouseCoopers Exploring Privacy Roles
PRIVACY IN POPULAR CULTURE: Talking With Cullen Hoback, Director of Terms and Conditions May Apply