David Erdos Centre for Socio-Legal Studies University of Oxford
Purpose of talk Introduce and get feedback on the core elements of my new Leverhulme DPOS project. Examines the tensions between the Data Protection and the core values of an “Open Society” – freedom of expression and information. Broader aim from this of building a more principled and realistic DP regime. Both project and the talk are structured around the key themes which will define my inquiry.
Themes of Project & Talk Foundations Philosophy Structure Development Puzzles Media Research Transparency Synthesis Future structure of Data Protection
Philosophy: The Data Protection Concept Not very coherent or easy to handle concept Informational self-determination “Misuse” = invasion of individual privacy? Prevent misuse of personal information (within information management systems) Other values = fair decision-making; preventing annoyance e.g. spam
Philosophy: The Open Society Concept Also a concept of many different variables and aspects Plural, decentralized and flexible society, rooted in a broad interchange of information and ideas b etween the individuals and communities which it comprises. Freedom of Expression Requirements for Transparency But need for balance even against privacy claims
Structure of DP: The Eight “Principles” Exemptions exist but specific including as to purpose 1. Fair & Lawful Processing Legitimating ground?( Ordinary Data v. Sensitive Data) Notification (to DP Authority and Data Subject) 2. Limited and compatible purposes 3. Relevant (adequate, not excessive) 4. Time limited 5. Accurate 6. Subject’ Rights Adherence 7. Secure 8. No export without “adequate protection”
Development of Data Protection DP 1.0 (late 1970s – late 1990s) / DPA 1984 Loosely worded principles Discretionary DP Authority key “enforcer” Limited internationalization Exemptions based largely on pragmatism DP 2.0 (late 1990s – current) / DPA 1998 Tighter and more stringently worded provisions Discretionary authority but also hard law Extensive internationalization Pragmatic exemptions plus journalism, literature & art
Many fundamental questions remain e.g.: What is DP for anyway? What is “personal information”? What role is there for private enforcement?
Role of Foundations to DPOS Project Provide critical grounding to more specific inquiries Tally with the strongly historical approach of project Help direct project towards engagement with broader debate on drafting on new Data Protection 3.0. Comparative survey of DP law & DP Authorities Archival, literature and case law analysis (UK-focus) Integrate questions into more specialized work
DPOS Puzzle: The Media 1. What is the Media(Journalism, Literature & Art)? 2. What DP Exemptions are/should be available to production of such material? 3. What regime should govern the (re)use of material produced by the media especially that placed on the Internet?
DP & Media: Examples of confusion QUESTIONS AS TO SCOPE: Google Street View Politicians’ speech (Quinton v. Pierce 2009) Blogs, personal websites (Lindqvist case 2003 etc.) User-Generated Content: Ratings websites etc. QUESTIONS AS TO STANDARDS: WP 29 opinion on social networking photos re: consent Rating websites (e.g. of teachers) Reflects deeper confusion about how to limit DP: (i) By scope of law; (ii) by principles; (iii) by exemptions
DP & Media: Planned Work Historical analysis using archives etc. Analysis of law and case-law (comparative element) One or more specific case studies General interviews with key actors
Case Study: Teacher Rating Sites Database-focused Worldwide, Full-Text Retrieval Details can intimate (personality, character) Strong likelihood of employer use Long-standing DP Employment Code PRO-REGULATION Aspect of freedom of expression Data generated by millions of decentralized “speech acts” (UGC) Focused is on public role activities Difficult to set boundaries if to be regulated ANTI-REGULATION
DPOS Puzzle: Research Governance History of separate and (post DP Mk 2.0) more onerous regulation than the “media”. Under-recognized influence on growth of formalized ethical and governance review. Concern that such review restricting valuable research in the public interest. Strong case that (much) Research is a (particularly valuable) form of Media (Journalism, Literature or Art)
Research Governance: Planned Work Focus on UK but also comparative (incl. US) element. Doctrine DP Research Provisions Research & JLA Provisions Academic Freedom Protections Research Policies Role of DP in development of policies Content and interpretation of policies Research Practice Effect of policies on research practice Extent policies seen as internally legitimate.
DPOS Puzzle: Transparency WHAT STUDYING? Freedom of Information (FOI) Voluntary disclosure Conflict of interest disclosure Campaign finance laws etc. Dr. Pat on Flickr WHY? Raises similar DP- Open Society tension Generally no formal DP exemptions DP-FOI interface generated significant case law
DP & Transparency: Planned Work Analysis of FOI law and case-law (comparative element) Analysis of current understanding of the DP- FOI/Transparency Interface (possibly via a survey) Small case studies regarding any role of DP in formation of e.g. disclosure legislation and/or conflicts of interest policies.
Some (very) tentative conclusions Data Protection is not in good health Significant reason for that relates to the developments and conflicts DPOS examines Analysis so far indicates both that: A narrow purpose specific “media” exemption cannot properly accommodate open society values In today’s environment no activity should be entirely exempt from the values DP aims to protect Significant reform of law and practice is needed and this project aims to help chart a way forward.