A tale of three conferences…

IT Law certainly seems to be flavour of the month. Even more particularly, it seems to be flavour of the next couple of days. Today and tomorrow there are three conferences on different aspects of the subject, all of which I’d like to be at… if only I could be three places at once.

Starting in Yorkshire…

The place I’ll actually be is Leeds, for the Human Rights in the Digital Era Conference: Professors Andrew Murray and Viktor Mayer-Schönberger will be providing the keynote speeches, while I’ll be presenting on a topic which I hope to be making a central part of my work in the next year or so, the idea of a right to an online identity (you can find my prezi here). Other excellent speakers include Jim Killock of the Open Rights Group, whose work is of increasing importance – particularly with the current government seemingly following the recent trend of seemingly being in thrall to the copyright lobby, if Jeremy Hunt’s suggestions are anything to go by – and my colleague Emily Laidlaw. It should be a fascinating day – and a subject of great current interest.

…and at the same time in London…

…the Society for Computers and Law is having its annual policy forum – with the focus on the ‘New Shape of European Internet Regulation’. Chaired by Lilian Edwards, and with contributions from such as Caspar Bowden (newly liberated from Microsoft) and my colleague Daithí Mac Síthigh, it’s another event of immense current interest, and one which I’m sad to have to miss. I’ll be following it on twitter (probably on #scl) and I’m looking forward to hearing more about it after the event. Daithí’s presentation on the App Store should be particularly good!

Meanwhile, in Poland…

…Warsaw is hosting the latest Creative Commons global meeting. At a time when attitudes and approaches to copyrights seem to be getting if anything even more regressive, with the EU Council voting this week to extend copyright on sound recordings from 50 to 70 years, and as noted above, Jeremy Hunt setting out an aggressive and punitive strategy for dealing with online piracy, finding imaginative and effective ways forward for dealing with intellectual property issues is of ever growing significance. Lots of interesting people will be in Warsaw, putting together lots of excellent ideas – and again, I’m looking forward to reading and hearing all about it.

Three conferences – but common themes

Three very different conferences, three very different cities, three seemingly quite different agendas – but they all tie together, and they’re all attempting to address issues of crucial current interests. The Leeds conference focusses on human rights, the London conference on regulation, the Warsaw conference on creativity – but the issues all interact with each other, and all impact upon each other. If, as the likes of Jeremy Hunt suggests, we use the twin heavy hands of law and finance to try to ‘protect’ our ‘creative’ arts (though the idea that Cliff Richard, one of the figureheads sent out this week to support the extension of copyright, represents ‘creativity’ is a somewhat difficult to swallow), then it is likely to be human rights that suffer.  Those of us interested in human rights need to be doing everything we can to prevent the focus of regulation – indeed, the new shape of regulation – to be protecting copyright at the expense of those human rights, which, ultimately, is what the copyright lobby is intending to bring about. Human rights, regulation and creativity are all very closely connected – as these timely conferences should do their very best to make clear.

The ICO: between a rock and a hard place? Not really…

In the last week I’ve been to two events in which representatives of the Information Commissioner’s Office have spoken. First came the 16th March meeting of the Society for Computers and Law entitled ‘Privacy by Design: Grand Design or Pipe Dream?’ at which Steve Wood, the ICO’s ‘Head of Policy Design’ spoke to a mixed group of lawyers of various kinds, some representing companies in the computing business. Then, on 22nd March, the Information Commissioner himself, Christopher Graham, spoke to the Westminster Media Forum, which was discussing ‘Social media, online privacy and the ‘right to be forgotten’.

On both occasions, the representatives of the ICO had a pretty rough ride, one way or another. At the first meeting, Steve Wood was given a hard time by people working in or for the people providing online services for the way that the ICO has dealt with the ‘EU Cookie Directive’, about which the ICO has recently issued a warning, suggesting that ‘UK businesses must ‘wake up’ to new EU law on cookies’. To put it at its most basic, the ICO was being castigated for being too tough on the industry. Steve Wood’s primary defence seemed to be ‘don’t shoot the messenger’, and that all they were doing was following orders from the EU, though how well that defence went down with the audience seemed a little unclear.

At the Westminster Media Forum, the Commissioner himself had an equally rough ride – and I have to admit that I was one of those who asked him a question that was perhaps a little negative in angle, wondering why so little attention was paid to data minimisation by the ICO, despite it embodying some of the most fundamental principles of data protection. The reply I got was somewhat terse – but my question was one of the gentlest that the Commissioner had to answer. In effect, he was being challenged by privacy advocates, consumer groups and others (including Microsoft’s Caspar Bowden) for not being tough enough on the industry.

So what are the ICO to do? One week they’re attacked for being too tough on the industry, the next they’re attacked for not being tough enough? Are either forms of attack fair or justified? Is there anything that the ICO can do to meet the expectations of both sides? Is the problem just an intractable one that can’t be resolved?

As someone who’s on the privacy advocacy side of the debate, I have a lot of sympathy for the ICO. They do a lot of good things, provide a lot of good guidance, and generally say the right things. They try to tread a delicate path between the industry and the people – and do their best to tread that path with care and without causing too many fights – and have asked (and now received) for some more ‘teeth’ to punish those who transgress and deter those who might be tempted to.

Still, however, I find myself wanting to criticise them quite a lot of the time, and find myself in general agreement with NGOs like Privacy International who wondered in February whether the ICO was fit for purpose. Why? Mostly, because the role I think they should be playing does not seem to be the role that they think they’re playing. They shouldn’t be playing a kind of conciliation service, working out compromises between the industry and the people – they should be on the side of the people first and foremost, and supporting those people’s rights. We haven’t got anyone else on our side – while the industry has huge amounts of lobbying power, together with the support of great ministries of government to whom trade and finance is the be-all and end-all. They also have the tacit support of large parts of the security lobby, who’d like as much surveillance and data retention as possible, as many back-doors into websites and social networks as possible, and would be happy for the industry to do the building, gathering and retaining of data for them.

So does the ICO need to be so careful not to upset them? I don’t think so – they should be braver to speak out and upset companies when those companies need to be upset, and to challenge them when they need to be challenged. They shouldn’t be ashamed of this – Steve Wood seemed highly apologetic at the SCL meeting, as if he was ashamed to acknowledge that, deeply flawed though the Cookie Directive may be, it was introduced to address a real issue, and a real issue that the industry had failed to address themselves. If the ICO ends up caving in on this issue too, it really will be showing that it’s not fit for purpose…