Still chewing through the GDPR, so that’ll have to wait. In the meantime, more evidence that the nicest word we can use to describe the current state of data protection in Europe is…disconnected.
First we have the European Commission desperately trying to reach an accommodation with the US on Safe Harbour after the European Court killed it off last year. Why the frantic deadline rush? Because the Article 29 Working Party – the European privacy working group – said they would take “all necessary and appropriate […] enforcement actions” if there was nothing in place by the end of this month.
All of this is in the context of the GDPR, which so thoroughly rewrites privacy and data handling as to make any putative Safe Harbour agreement pretty short lived. We’ll be here again by 2018, trying to square the same circle.
Facebook has just announced an Irish DC – choice of location in no way correlated to tax arrangements, of course – and we know Microsoft are building one in Germany (and fighting the US over email privacy in Dublin). That suggests to me that the global major players are fairly bearish on the prospects for lasting global agreements on data protection.
In the same month that the ECHR decided that you can spy on your staff, the UK High Court – referring to the European Convention on Human Rights for which the ECHR is the ultimate arbiter – has decreed that you can’t carry out pre-employment criminal record checks. This is coming from the same judiciary that has so far been silent on the vast expansion of state surveillance powers envisaged in the new RIPA.
Since we already know that most of your risk is internal – kindly substantiated by FACC’s recent $54m loss from internal “cyber”-fraud – it seems a little unfortunate that employers are having one useful tool for weeding out potential miscreants taken away from them.
Out in the real world, the refugee crisis is driving a re-examination of European integration. I can’t help wondering if the isolationist mindset that appears to be emerging from that examination will also infect cyber-policy, what with each Euro nation feeling driven to pronounce its own policy on encryption – French and Dutch so far against back doors, UK so far completely incoherent – and the Swedes, of all open-minded people, not just closing their border with Denmark but also looking to filter the internet. This is the same Swedes who previously refused to block access to the Pirate Bay.
I wrote about Data Protectionism a couple of years ago. I can’t help feeling that we’re seeing the end of the beginning when it comes to the internet as a driver of rapid and unregulated change and unmediated global reach. Unicorn-hunting may be getting harder.