Friday, January 15, 2010

Privacy Officers with a French accent

Since I’m based in France, I’ve recently been appointed as Google’s “Correspondant” for data protection with the French Data Protection Authority, the CNIL. The profession of privacy officers is generally less developed in Europe than the US, and indeed, the position of “correspondant” was first created in France in 2004. Like many things in France, even this private-sector role is defined and guided by the government, in the long French tradition of dirigisme:

“From now on, local authorities, public services and associations are allowed to appoint a "Correspondant Informatique et Libertés" (CIL). It is a major innovation in the application of the law, as prior pedagogy and advice are emphasized. Indeed, the data controller which appoints a CIL is exempted, in most cases, from the notification process to the CNIL. The CIL has the duty to ascertain that the information system of the organization will expand without harming the rights of the users, clients and employees.”

As a privacy professional, I’m very excited by anything that supports the development of meaningful empowerment and development for the profession. As long as the role of Correspondant avoids the trap of becoming a purely administrative function, I think it could prove to become a serious contribution to the growth of this profession in Europe.

1 comment:

Tommy Vandepitte said...

Hi Peter,
just so you know, the element of an "inhouse data privacy officer" is quite common in Europe. If I am correct the origin is mainly to be found in the German legal tradition.
But also (a.o.) the Netherlands and Luxembourg installed that function mainly to have an advanced control in the "larger" companies so the data privacy commissioners (authorities) have a (single) point of contact. The upside for the company then is that the administration towards the data privacy commissioners should be less burdensome.

Best regards